From 8ce7b1f2875986ff9c12d5a3f166a512b849f59d Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Mon, 29 Sep 2025 12:45:54 -0400 Subject: [PATCH 1/2] add automation around generating CLI and config Signed-off-by: Alex Goodman --- .github/actions/bootstrap/action.yaml | 15 + .github/workflows/update-reference-docs.yaml | 97 +++ Taskfile.yml | 3 + content/docs/projects/_index.md | 6 +- content/docs/reference/_index.md | 4 +- .../docs/reference/commands/grype-config.md | 57 +- content/docs/reference/commands/grype.md | 505 ++++++++++++++- .../docs/reference/commands/syft-config.md | 84 ++- content/docs/reference/commands/syft.md | 600 ++++++++++++++++-- cspell.json | 6 +- scripts/generate-reference-cli-docs.py | 188 ++++++ scripts/generate-reference-config-docs.py | 106 ++++ tasks.d/generate.yaml | 64 ++ 13 files changed, 1614 insertions(+), 121 deletions(-) create mode 100644 .github/workflows/update-reference-docs.yaml create mode 100755 scripts/generate-reference-cli-docs.py create mode 100755 scripts/generate-reference-config-docs.py create mode 100644 tasks.d/generate.yaml diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml index 415f7d97..7e3a23ea 100644 --- a/.github/actions/bootstrap/action.yaml +++ b/.github/actions/bootstrap/action.yaml @@ -20,6 +20,14 @@ inputs: bootstrap-apt-packages: description: "Space delimited list of tools to install via apt" default: "" + python: + description: "Whether to install Python" + required: false + default: "false" + python-version: + description: "Python version to install" + required: false + default: "3.11" runs: using: "composite" @@ -31,6 +39,13 @@ runs: node-version: ${{ inputs.node-version }} cache: 'npm' + - name: Setup Python + uses: actions/setup-python@v5 + if: inputs.python == 'true' + with: + python-version: ${{ inputs.python-version }} + cache: 'pip' + - name: Restore tool cache if: inputs.tools == 'true' id: tool-cache 
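Review bot: The added Setup Python step in `.github/actions/bootstrap/action.yaml` references `actions/setup-python@v5` by a mutable tag, while the workflow added in this same patch pins `tibdex/github-app-token` and `peter-evans/create-pull-request` to full commit SHAs; a moved tag would change the code that runs in every job using this bootstrap action without any change in this repository. Pin it the same way, `uses: actions/setup-python@<full-commit-sha> # v5` (placeholder: take the SHA from the release you have reviewed), and do the same for `actions/checkout@v5` in `.github/workflows/update-reference-docs.yaml`. The `steps:` list this step sits in starts before and continues past the hunk, so the other `uses:` lines there are not visible and may need the same treatment.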
diff --git a/.github/workflows/update-reference-docs.yaml b/.github/workflows/update-reference-docs.yaml
new file mode 100644
index 00000000..1de457e8
--- /dev/null
+++ b/.github/workflows/update-reference-docs.yaml
@@ -0,0 +1,97 @@
+name: Update Reference Documentation
+
+on:
+# schedule:
+# # Run daily at 2 AM UTC
+# - cron: '0 2 * * *'
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ paths:
+ - 'scripts/generate-reference-*'
+ - 'tasks.d/generate.yaml'
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ update-docs:
+ name: Update Reference Documentation
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+ with:
+ submodules: true
+ persist-credentials: false
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Bootstrap environment
+ uses: ./.github/actions/bootstrap
+ with:
+ python: true
+
+ - name: Generate reference documentation
+ run: |
+ echo "Generating reference documentation..."
+ .tool/task generate:reference
+
+ - name: Check for changes
+ id: check-changes
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+
+ if git diff --quiet content/docs/reference/commands/; then
+ echo "No changes detected"
+ echo "has-changes=false" >> $GITHUB_OUTPUT
+ else
+ echo "Changes detected in reference documentation"
+ echo "has-changes=true" >> $GITHUB_OUTPUT
+
+ # Show what changed
+ echo "Changed files:"
+ git diff --name-only content/docs/reference/commands/
+
+ # Show diff stats
+ echo "Diff summary:"
+ git diff --stat content/docs/reference/commands/
+ fi
+
+ - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
+ id: generate-token
+ with:
+ app_id: ${{ secrets.TOKEN_APP_ID }}
+ private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
+
+ - name: Create Pull Request
+ if: steps.check-changes.outputs.has-changes == 'true'
+ uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+ with:
+ token: ${{ steps.generate-token.outputs.token }}
+ signoff: true
+ commit-message: |
+ Update cli/config reference documentation (auto generated)
+ title: "📚 Update cli/config reference documentation"
+ body: |
+ ## 🤖 Automated
Reference Documentation Update + + This PR contains automatic updates to the reference documentation generated from the latest container images. + + ### Changes Include: + - Updated CLI command documentation + - Updated configuration documentation + - Latest version information and help text + + ⚡ This PR was automatically generated by the `update-reference-docs` workflow. + branch: update-reference-docs-${{ github.run_number }} + branch-suffix: timestamp + labels: | + documentation + automated + reference + draft: false + delete-branch: true \ No newline at end of file diff --git a/Taskfile.yml b/Taskfile.yml index 8184c2d6..23ac4f86 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -1,5 +1,8 @@ version: '3' +includes: + generate: ./tasks.d/generate.yaml + vars: TOOL_DIR: .tool diff --git a/content/docs/projects/_index.md b/content/docs/projects/_index.md index dd234eb8..efde9317 100644 --- a/content/docs/projects/_index.md +++ b/content/docs/projects/_index.md 
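Review bot: In `.github/workflows/update-reference-docs.yaml` the workflow-level `permissions:` block gives the job's `GITHUB_TOKEN` `contents: write` and `pull-requests: write`, but nothing visible uses that token to write: checkout sets `persist-credentials: false` and the pull request is opened with the App token from `generate-token`. The generation step runs `.tool/task generate:reference` in that same job, so the default token should be no stronger than needed; a `permissions:` block with only `contents: read` looks sufficient. The `tibdex/github-app-token` step also has no `if:`, so the App private key is loaded and a token minted on every run, including runs with no changes; give it the same guard as the step after it, `if: steps.check-changes.outputs.has-changes == 'true'`.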
@@ -12,19 +12,19 @@ We maintain three popular command-line tools, some libraries, and supporting uti #### Syft logo Syft -{{< card title="SBOM Generator and library" footer="Syft GitHub Repo | SBOM Generation Guide" >}} +{{< card title="SBOM Generator and library" footer="Syft GitHub Repo | SBOM Generation Guide" >}} Syft (pronounced like sift) is an open-source command-line tool and Go library. Its primary function is to scan container images, file systems, and archives to automatically generate a Software Bill of Materials, making it easier to understand the composition of software.   {{< /card >}} #### Grype logo Grype -{{< card title="Vulnerability Scanner" footer="Grype GitHub Repo | Vulnerability Scanning Guide" >}} +{{< card title="Vulnerability Scanner" footer="Grype GitHub Repo | Vulnerability Scanning Guide" >}} Grype (pronounced like hype) is an open-source vulnerability scanner specifically designed to analyze container images and filesystems. It works by comparing the software components it finds against a database of known vulnerabilities, providing a report of potential risks so they can be addressed. {{< /card >}} #### Grant logo Grant -{{< card title="License Scanner" footer="Grant GitHub Repo | License Scanning Guide">}} +{{< card title="License Scanner" footer="Grant GitHub Repo | License Scanning Guide">}} Grant is an open-source command-line tool designed to discover and report on the software licenses present in container images, SBOM documents, or filesystems. It helps users understand the licenses of their software dependencies and can check them against user-defined policies to ensure compliance. {{< /card >}} diff --git a/content/docs/reference/_index.md b/content/docs/reference/_index.md index 9f92f641..fa67f37c 100644 --- a/content/docs/reference/_index.md +++ b/content/docs/reference/_index.md 
@@ -1,6 +1,6 @@ +++ -title = "Reference information" -description = "Reference Information for Anchore OSS" +title = "Reference" +description = "Reference for Anchore OSS Tools" weight = 60 url = "reference" +++ diff --git a/content/docs/reference/commands/grype-config.md b/content/docs/reference/commands/grype-config.md index d19d3d83..08cbe6b3 100644 --- a/content/docs/reference/commands/grype-config.md +++ b/content/docs/reference/commands/grype-config.md @@ -7,25 +7,20 @@ categories = ['reference'] url = "docs/reference/commands/grype-config" +++ -### Grype Default Configuration - -``` +```yaml log: # suppress all logging output (env: GRYPE_LOG_QUIET) quiet: false - # increase verbosity (-v = info, -vv = debug) (env: GRYPE_LOG_VERBOSITY) - verbosity: 0 - # explicitly set the logging level (available: [error warn info debug trace]) (env: GRYPE_LOG_LEVEL) - level: 'warn' + level: "warn" # file path to write logs to (env: GRYPE_LOG_FILE) - file: '' + file: "" dev: # capture resource profiling data (available: [cpu, mem]) (env: GRYPE_DEV_PROFILE) - profile: '' + profile: "" db: # (env: GRYPE_DEV_DB_DEBUG) @@ -41,19 +36,19 @@ output: [] # output-template-file: .grype/html.tmpl # # write output report to a file (default is to write to stdout) (env: GRYPE_FILE) -file: '' +file: "" # pretty-print output (env: GRYPE_PRETTY) pretty: false # distro to match against in the format: : (env: GRYPE_DISTRO) -distro: '' +distro: "" # generate CPEs for packages with no CPE data (env: GRYPE_ADD_CPES_IF_NONE) add-cpes-if-none: false # specify the path to a Go template file (requires 'template' output to be selected) (env: GRYPE_OUTPUT_TEMPLATE_FILE) -output-template-file: '' +output-template-file: "" # enable/disable checking for application updates on startup (env: GRYPE_CHECK_FOR_APP_UPDATE) check-for-app-update: true 
@@ -65,14 +60,14 @@ only-fixed: false only-notfixed: false # ignore matches for vulnerabilities with specified comma separated fix states, options=[fixed not-fixed unknown wont-fix] (env: GRYPE_IGNORE_WONTFIX) -ignore-wontfix: '' +ignore-wontfix: "" # an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux') (env: GRYPE_PLATFORM) -platform: '' +platform: "" search: - # selection of layers to analyze, options=[squashed all-layers] (env: GRYPE_SEARCH_SCOPE) - scope: 'squashed' + # selection of layers to analyze, options=[squashed all-layers deep-squashed] (env: GRYPE_SEARCH_SCOPE) + scope: "squashed" # search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc) # note: enabling this may result in a performance impact since all discovered compressed tars will be decompressed @@ -113,7 +108,7 @@ external-sources: search-maven-upstream: true # base URL of the Maven repository to search (env: GRYPE_EXTERNAL_SOURCES_MAVEN_BASE_URL) - base-url: 'https://search.maven.org/solrsearch/select' + base-url: "https://search.maven.org/solrsearch/select" # (env: GRYPE_EXTERNAL_SOURCES_MAVEN_RATE_LIMIT) rate-limit: 300ms @@ -163,7 +158,7 @@ match: # upon scanning, if a severity is found at or above the given severity then the return code will be 1 # default is unset which will skip this validation (options: negligible, low, medium, high, critical) (env: GRYPE_FAIL_ON_SEVERITY) -fail-on-severity: '' +fail-on-severity: "" registry: # skip TLS verification when communicating with the registry (env: GRYPE_REGISTRY_INSECURE_SKIP_TLS_VERIFY) 
@@ -182,7 +177,7 @@ registry: auth: [] # filepath to a CA certificate (or directory containing *.crt, *.cert, *.pem) used to generate the client certificate (env: GRYPE_REGISTRY_CA_CERT) - ca-cert: '' + ca-cert: "" # show suppressed/ignored vulnerabilities in the output (only supported with table output format) (env: GRYPE_SHOW_SUPPRESSED) show-suppressed: false @@ -190,12 +185,15 @@ show-suppressed: false # orient results by CVE instead of the original vulnerability ID when possible (env: GRYPE_BY_CVE) by-cve: false +# sort the match results with the given strategy, options=[package severity epss risk kev vulnerability] (env: GRYPE_SORT_BY) +sort-by: "risk" + # same as --name; set the name of the target being analyzed (env: GRYPE_NAME) -name: '' +name: "" # allows users to specify which image source should be used to generate the sbom # valid values are: registry, docker, podman (env: GRYPE_DEFAULT_IMAGE_PULL_SOURCE) -default-image-pull-source: '' +default-image-pull-source: "" # a list of VEX documents to consider when producing scanning results (env: GRYPE_VEX_DOCUMENTS) vex-documents: [] 
@@ -206,15 +204,26 @@ vex-add: [] # match kernel-header packages with upstream kernel as kernel vulnerabilities (env: GRYPE_MATCH_UPSTREAM_KERNEL_HEADERS) match-upstream-kernel-headers: false +fix-channel: + redhat-eus: + # whether fixes from this channel should be considered, options are "never", "always", or "auto" (conditionally applied based on SBOM data) (env: GRYPE_FIX_CHANNEL_REDHAT_EUS_APPLY) + apply: "auto" + + # (env: GRYPE_FIX_CHANNEL_REDHAT_EUS_VERSIONS) + versions: ">= 8.0" + +# (env: GRYPE_TIMESTAMP) +timestamp: true + db: # location to write the vulnerability database cache (env: GRYPE_DB_CACHE_DIR) - cache-dir: '~/Library/Caches/grype/db' + cache-dir: "~.cache~grype~db" # URL of the vulnerability database (env: GRYPE_DB_UPDATE_URL) - update-url: 'https://grype.anchore.io/databases' + update-url: "https://grype.anchore.io/databases" # certificate to trust download the database and listing file (env: GRYPE_DB_CA_CERT) - ca-cert: '' + ca-cert: "" # check for database updates on execution (env: GRYPE_DB_AUTO_UPDATE) auto-update: true diff --git a/content/docs/reference/commands/grype.md b/content/docs/reference/commands/grype.md index bf15e4d2..fd13b496 100644 --- a/content/docs/reference/commands/grype.md +++ b/content/docs/reference/commands/grype.md @@ -11,14 +11,14 @@ url = "docs/reference/commands/grype" ``` Application: grype -Version: 0.91.2 -BuildDate: 2025-04-25T17:20:02Z -GitCommit: 7e6ba817350bdb922f35e4437aa01869cf0a8be0 -GitDescription: v0.91.2 -Platform: darwin/arm64 -GoVersion: go1.24.2 +Version: 0.100.0 +BuildDate: 2025-09-15T21:51:57Z +GitCommit: 088112b26e638c139a513f387f7a6e51f1a8b76d +GitDescription: v0.100.0 +Platform: linux/arm64 +GoVersion: go1.24.7 Compiler: gc -Syft Version: v1.23.1 +Syft Version: v1.33.0 Supported DB Schema: 6 ``` 
@@ -44,9 +44,10 @@ You can also explicitly specify the scheme to use: grype registry:yourrepo/yourimage:tag pull image directly from a registry (no container runtime required) grype purl:path/to/purl/file read a newline separated file of package URLs from a path on disk grype PURL read a single package PURL directly (e.g. pkg:apk/openssl@3.2.1?distro=alpine-3.20.3) + grype CPE read a single CPE directly (e.g. cpe:2.3:a:openssl:openssl:3.0.14:*:*:*:*:*) You can also pipe in Syft JSON directly: - syft yourimage:tag -o json | grype + syft yourimage:tag -o json | grype Usage: grype [IMAGE] [flags] @@ -77,8 +78,9 @@ Flags: --platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux') --profile stringArray configuration profiles to use -q, --quiet suppress all logging output - -s, --scope string selection of layers to analyze, options=[squashed all-layers] (default "squashed") + -s, --scope string selection of layers to analyze, options=[squashed all-layers deep-squashed] (default "squashed") --show-suppressed show suppressed/ignored vulnerabilities in the output (only supported with table output format) + --sort-by string sort the match results with the given strategy, options=[package severity epss risk kev vulnerability] (default "risk") -t, --template string specify the path to a Go template file (requires 'template' output to be selected) -v, --verbose count increase verbosity (-v = info, -vv = debug) --version version for grype 
@@ -87,9 +89,490 @@ Flags: Use "grype [command] --help" for more information about a command. ``` +### `grype config` + +``` +log: + # suppress all logging output (env: GRYPE_LOG_QUIET) + quiet: false + + # explicitly set the logging level (available: [error warn info debug trace]) (env: GRYPE_LOG_LEVEL) + level: 'warn' + + # file path to write logs to (env: GRYPE_LOG_FILE) + file: '' + +dev: + # capture resource profiling data (available: [cpu, mem]) (env: GRYPE_DEV_PROFILE) + profile: '' + + db: + # (env: GRYPE_DEV_DB_DEBUG) + debug: false + +# the output format of the vulnerability report (options: table, template, json, cyclonedx) +# when using template as the output type, you must also provide a value for 'output-template-file' (env: GRYPE_OUTPUT) +output: [] + +# if using template output, you must provide a path to a Go template file +# see https://github.com/anchore/grype#using-templates for more information on template output +# the default path to the template file is the current working directory +# output-template-file: .grype/html.tmpl +# +# write output report to a file (default is to write to stdout) (env: GRYPE_FILE) +file: '' + +# pretty-print output (env: GRYPE_PRETTY) +pretty: false + +# distro to match against in the format: : (env: GRYPE_DISTRO) +distro: '' + +# generate CPEs for packages with no CPE data (env: GRYPE_ADD_CPES_IF_NONE) +add-cpes-if-none: false + +# specify the path to a Go template file (requires 'template' output to be selected) (env: GRYPE_OUTPUT_TEMPLATE_FILE) +output-template-file: '' + +# enable/disable checking for application updates on startup (env: GRYPE_CHECK_FOR_APP_UPDATE) +check-for-app-update: true + +# ignore matches for vulnerabilities that are not fixed (env: GRYPE_ONLY_FIXED) +only-fixed: false + +# ignore matches for vulnerabilities that are fixed (env: GRYPE_ONLY_NOTFIXED) +only-notfixed: false + +# ignore matches for vulnerabilities with specified comma separated fix states, options=[fixed not-fixed unknown 
wont-fix] (env: GRYPE_IGNORE_WONTFIX) +ignore-wontfix: '' + +# an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux') (env: GRYPE_PLATFORM) +platform: '' + +search: + # selection of layers to analyze, options=[squashed all-layers deep-squashed] (env: GRYPE_SEARCH_SCOPE) + scope: 'squashed' + + # search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc) + # note: enabling this may result in a performance impact since all discovered compressed tars will be decompressed + # note: for now this only applies to the java package cataloger (env: GRYPE_SEARCH_UNINDEXED_ARCHIVES) + unindexed-archives: false + + # search within archives that do contain a file index to search against (zip) + # note: for now this only applies to the java package cataloger (env: GRYPE_SEARCH_INDEXED_ARCHIVES) + indexed-archives: true + +# A list of vulnerability ignore rules, one or more property may be specified and all matching vulnerabilities will be ignored. 
+# This is the full set of supported rule fields: +# - vulnerability: CVE-2008-4318 +# fix-state: unknown +# package: +# name: libcurl +# version: 1.5.1 +# type: npm +# location: "/usr/local/lib/node_modules/**" +# +# VEX fields apply when Grype reads vex data: +# - vex-status: not_affected +# vex-justification: vulnerable_code_not_present +ignore: [] + +# a list of globs to exclude from scanning, for example: +# - '/etc/**' +# - './out/**/*.json' +# same as --exclude (env: GRYPE_EXCLUDE) +exclude: [] + +external-sources: + # enable Grype searching network source for additional information (env: GRYPE_EXTERNAL_SOURCES_ENABLE) + enable: false + + maven: + # search for Maven artifacts by SHA1 (env: GRYPE_EXTERNAL_SOURCES_MAVEN_SEARCH_MAVEN_UPSTREAM) + search-maven-upstream: true + + # base URL of the Maven repository to search (env: GRYPE_EXTERNAL_SOURCES_MAVEN_BASE_URL) + base-url: 'https://search.maven.org/solrsearch/select' + + # (env: GRYPE_EXTERNAL_SOURCES_MAVEN_RATE_LIMIT) + rate-limit: 300ms + +match: + java: + # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_JAVA_USING_CPES) + using-cpes: false + + jvm: + # (env: GRYPE_MATCH_JVM_USING_CPES) + using-cpes: true + + dotnet: + # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_DOTNET_USING_CPES) + using-cpes: false + + golang: + # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_GOLANG_USING_CPES) + using-cpes: false + + # use CPE matching to find vulnerabilities for the Go standard library (env: GRYPE_MATCH_GOLANG_ALWAYS_USE_CPE_FOR_STDLIB) + always-use-cpe-for-stdlib: true + + # allow comparison between main module pseudo-versions (e.g. v0.0.0-20240413-2b432cf643...) 
(env: GRYPE_MATCH_GOLANG_ALLOW_MAIN_MODULE_PSEUDO_VERSION_COMPARISON) + allow-main-module-pseudo-version-comparison: false + + javascript: + # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_JAVASCRIPT_USING_CPES) + using-cpes: false + + python: + # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_PYTHON_USING_CPES) + using-cpes: false + + ruby: + # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_RUBY_USING_CPES) + using-cpes: false + + rust: + # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_RUST_USING_CPES) + using-cpes: false + + stock: + # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_STOCK_USING_CPES) + using-cpes: true + +# upon scanning, if a severity is found at or above the given severity then the return code will be 1 +# default is unset which will skip this validation (options: negligible, low, medium, high, critical) (env: GRYPE_FAIL_ON_SEVERITY) +fail-on-severity: '' + +registry: + # skip TLS verification when communicating with the registry (env: GRYPE_REGISTRY_INSECURE_SKIP_TLS_VERIFY) + insecure-skip-tls-verify: false + + # use http instead of https when connecting to the registry (env: GRYPE_REGISTRY_INSECURE_USE_HTTP) + insecure-use-http: false + + # Authentication credentials for specific registries. Each entry describes authentication for a specific authority: + # - authority: the registry authority URL the URL to the registry (e.g. "docker.io", "localhost:5000", etc.) 
(env: SYFT_REGISTRY_AUTH_AUTHORITY) + # username: a username if using basic credentials (env: SYFT_REGISTRY_AUTH_USERNAME) + # password: a corresponding password (env: SYFT_REGISTRY_AUTH_PASSWORD) + # token: a token if using token-based authentication, mutually exclusive with username/password (env: SYFT_REGISTRY_AUTH_TOKEN) + # tls-cert: filepath to the client certificate used for TLS authentication to the registry (env: SYFT_REGISTRY_AUTH_TLS_CERT) + # tls-key: filepath to the client key used for TLS authentication to the registry (env: SYFT_REGISTRY_AUTH_TLS_KEY) + auth: [] + + # filepath to a CA certificate (or directory containing *.crt, *.cert, *.pem) used to generate the client certificate (env: GRYPE_REGISTRY_CA_CERT) + ca-cert: '' + +# show suppressed/ignored vulnerabilities in the output (only supported with table output format) (env: GRYPE_SHOW_SUPPRESSED) +show-suppressed: false + +# orient results by CVE instead of the original vulnerability ID when possible (env: GRYPE_BY_CVE) +by-cve: false + +# sort the match results with the given strategy, options=[package severity epss risk kev vulnerability] (env: GRYPE_SORT_BY) +sort-by: 'risk' + +# same as --name; set the name of the target being analyzed (env: GRYPE_NAME) +name: '' + +# allows users to specify which image source should be used to generate the sbom +# valid values are: registry, docker, podman (env: GRYPE_DEFAULT_IMAGE_PULL_SOURCE) +default-image-pull-source: '' + +# a list of VEX documents to consider when producing scanning results (env: GRYPE_VEX_DOCUMENTS) +vex-documents: [] + +# VEX statuses to consider as ignored rules (env: GRYPE_VEX_ADD) +vex-add: [] + +# match kernel-header packages with upstream kernel as kernel vulnerabilities (env: GRYPE_MATCH_UPSTREAM_KERNEL_HEADERS) +match-upstream-kernel-headers: false + +fix-channel: + redhat-eus: + # whether fixes from this channel should be considered, options are "never", "always", or "auto" (conditionally applied based on SBOM data) (env: 
GRYPE_FIX_CHANNEL_REDHAT_EUS_APPLY) + apply: 'auto' + + # (env: GRYPE_FIX_CHANNEL_REDHAT_EUS_VERSIONS) + versions: '>= 8.0' + +# (env: GRYPE_TIMESTAMP) +timestamp: true + +db: + # location to write the vulnerability database cache (env: GRYPE_DB_CACHE_DIR) + cache-dir: '~.cache~grype~db' + + # URL of the vulnerability database (env: GRYPE_DB_UPDATE_URL) + update-url: 'https://grype.anchore.io/databases' + + # certificate to trust download the database and listing file (env: GRYPE_DB_CA_CERT) + ca-cert: '' + + # check for database updates on execution (env: GRYPE_DB_AUTO_UPDATE) + auto-update: true + + # validate the database matches the known hash each execution (env: GRYPE_DB_VALIDATE_BY_HASH_ON_START) + validate-by-hash-on-start: true + + # ensure db build is no older than the max-allowed-built-age (env: GRYPE_DB_VALIDATE_AGE) + validate-age: true + + # Max allowed age for vulnerability database, + # age being the time since it was built + # Default max age is 120h (or five days) (env: GRYPE_DB_MAX_ALLOWED_BUILT_AGE) + max-allowed-built-age: 120h0m0s + + # fail the scan if unable to check for database updates (env: GRYPE_DB_REQUIRE_UPDATE_CHECK) + require-update-check: false + + # Timeout for downloading GRYPE_DB_UPDATE_URL to see if the database needs to be downloaded + # This file is ~156KiB as of 2024-04-17 so the download should be quick; adjust as needed (env: GRYPE_DB_UPDATE_AVAILABLE_TIMEOUT) + update-available-timeout: 30s + + # Timeout for downloading actual vulnerability DB + # The DB is ~156MB as of 2024-04-17 so slower connections may exceed the default timeout; adjust as needed (env: GRYPE_DB_UPDATE_DOWNLOAD_TIMEOUT) + update-download-timeout: 5m0s + + # Maximum frequency to check for vulnerability database updates (env: GRYPE_DB_MAX_UPDATE_CHECK_FREQUENCY) + max-update-check-frequency: 2h0m0s + +exp: +``` + +### `grype db` + +``` +vulnerability database operations + +Usage: + grype db [command] + +Available Commands: + check Check to see if there is 
a database update available + delete Delete the vulnerability database + import Import a vulnerability database or archive from a local file or URL + list List all DBs available according to the listing URL + providers List vulnerability providers that are in the database + search Search the DB for vulnerabilities or affected packages + status Display database status and metadata + update Download and install the latest vulnerability database + +Flags: + -h, --help help for db + +Global Flags: + -c, --config stringArray grype configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) + +Use "grype db [command] --help" for more information about a command. +``` + +### `grype db check` + +``` +Check to see if there is a database update available + +Usage: + grype db check [flags] + +Flags: + -h, --help help for check + -o, --output string format to display results (available=[text, json]) (default "text") + +Global Flags: + -c, --config stringArray grype configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + +### `grype db delete` + +``` +Delete the vulnerability database + +Usage: + grype db delete [flags] + +Flags: + -h, --help help for delete + +Global Flags: + -c, --config stringArray grype configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + +### `grype db import` + +``` +import a vulnerability database archive from a local FILE or URL. +DB archives can be obtained from "https://grype.anchore.io/databases" (or running `db list`). If the URL has a `checksum` query parameter with a fully qualified digest (e.g. 
'sha256:abc728...') then the archive/DB will be verified against this value. + +Usage: + grype db import FILE | URL [flags] + +Flags: + -h, --help help for import + +Global Flags: + -c, --config stringArray grype configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + +### `grype db list` + +``` +List all DBs available according to the listing URL + +Usage: + grype db list [flags] + +Flags: + -h, --help help for list + -o, --output string format to display results (available=[text, raw, json]) (default "text") + +Global Flags: + -c, --config stringArray grype configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + +### `grype db providers` + +``` +List vulnerability providers that are in the database + +Usage: + grype db providers [flags] + +Flags: + -h, --help help for providers + -o, --output string format to display results (available=[table, json]) (default "table") + +Global Flags: + -c, --config stringArray grype configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + +### `grype db search` + +``` +Search the DB for vulnerabilities or affected packages + +Usage: + grype db search [flags] + grype db search [command] + +Examples: + + Search for affected packages by vulnerability ID: + + $ grype db search --vuln ELSA-2023-12205 + + Search for affected packages by package name: + + $ grype db search --pkg log4j + + Search for affected packages by package name, filtering down to a specific vulnerability: + + $ grype db search --pkg log4j --vuln CVE-2021-44228 + + Search for affected packages by PURL (note: version is not considered): + + $ grype 
db search --pkg 'pkg:rpm/redhat/openssl' # or: '--ecosystem rpm --pkg openssl + + Search for affected packages by CPE (note: version/update is not considered): + + $ grype db search --pkg 'cpe:2.3:a:jetty:jetty_http_server:*:*:*:*:*:*:*:*' + $ grype db search --pkg 'cpe:/a:jetty:jetty_http_server' + +Available Commands: + vuln Search for vulnerabilities within the DB (supports DB schema v6+ only) + +Flags: + --broad-cpe-matching allow for specific package CPE attributes to match with '*' values on the vulnerability + --distro stringArray refine to results with the given operating system (format: 'name', 'name@version', 'name@maj.min', 'name@codename') + --ecosystem string ecosystem of the package to search within + -h, --help help for search + --limit int limit the number of results returned, use 0 for no limit (default 5000) + --modified-after string only show vulnerabilities originally published or modified since the given date (format: YYYY-MM-DD) + -o, --output string format to display results (available=[table, json]) (default "table") + --pkg stringArray package name/CPE/PURL to search for + --provider stringArray only show vulnerabilities from the given provider + --published-after string only show vulnerabilities originally published after the given date (format: YYYY-MM-DD) + --vuln stringArray only show results for the given vulnerability ID + +Global Flags: + -c, --config stringArray grype configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) + +Use "grype db search [command] --help" for more information about a command. 
+``` + +### `grype db status` + +``` +Display database status and metadata + +Usage: + grype db status [flags] + +Flags: + -h, --help help for status + -o, --output string format to display results (available=[text, json]) (default "text") + +Global Flags: + -c, --config stringArray grype configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + ### `grype db update` ``` - ✔ Vulnerability DB [updated] -Vulnerability database updated to latest version! +Download and install the latest vulnerability database + +Usage: + grype db update [flags] + +Flags: + -h, --help help for update + +Global Flags: + -c, --config stringArray grype configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + +### `grype explain` + +``` +Ask grype to explain a set of findings + +Usage: + grype explain --id [VULNERABILITY ID] [flags] + +Flags: + -h, --help help for explain + --id stringArray CVE IDs to explain + +Global Flags: + -c, --config stringArray grype configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/content/docs/reference/commands/syft-config.md b/content/docs/reference/commands/syft-config.md index 12825641..6a4af6ce 100644 --- a/content/docs/reference/commands/syft-config.md +++ b/content/docs/reference/commands/syft-config.md @@ -1,15 +1,13 @@ +++ title = "Syft Default Configuration" linkTitle = "Syft Default Config" -weight = 15 +weight = 25 tags = ['syft'] categories = ['reference'] url = "docs/reference/commands/syft-config" +++ -### Syft default configuration - -``` +```yaml log: # suppress all logging output (env: SYFT_LOG_QUIET) quiet: false 
@@ -18,17 +16,17 @@ log:
 verbosity: 0
 
 # explicitly set the logging level (available: [error warn info debug trace]) (env: SYFT_LOG_LEVEL)
- level: 'warn'
+ level: "warn"
 
 # file path to write logs to (env: SYFT_LOG_FILE)
- file: ''
+ file: ""
 
 dev:
 # capture resource profiling data (available: [cpu, mem]) (env: SYFT_DEV_PROFILE)
- profile: ''
+ profile: ""
 
 # the configuration file(s) used to load application configuration (env: SYFT_CONFIG)
-config: ''
+config: ""
 
 # the output format(s) of the SBOM report (options: syft-table, syft-text, syft-json, spdx-json, ...)
 # to specify multiple output files in differing formats, use a list:
@@ -36,10 +34,10 @@ config: ''
 # - "syft-json="
 # - "spdx-json=" (env: SYFT_OUTPUT)
 output:
- - 'syft-table'
+ - "syft-table"
 
 # file to write the default report output to (default is STDOUT) (env: SYFT_LEGACYFILE)
-legacyFile: ''
+legacyFile: ""
 
 format:
 # default value for all formats that support the "pretty" option (default is unset) (env: SYFT_FORMAT_PRETTY)
@@ -48,7 +46,7 @@ format:
 template:
 # path to the template file to use when rendering the output with the template output format.
 # Note that all template paths are based on the current syft-json schema (env: SYFT_FORMAT_TEMPLATE_PATH)
- path: ''
+ path: ""
 
 # if true, uses the go structs for the syft-json format for templating.
 # if false, uses the syft-json output for templating (which follows the syft JSON schema exactly).
@@ -114,18 +112,12 @@ package:
 
 license:
 # include the content of licenses in the SBOM for a given syft scan; valid values are: [all unknown none] (env: SYFT_LICENSE_CONTENT)
- content: 'none'
-
- # deprecated: please use 'license-content' instead (env: SYFT_LICENSE_INCLUDE_UNKNOWN_LICENSE_CONTENT)
- include-unknown-license-content:
+ content: "none"
 
 # adjust the percent as a fraction of the total text, in normalized words, that
 # matches any valid license for the given inputs, expressed as a percentage across all of the licenses matched. (env: SYFT_LICENSE_COVERAGE)
 coverage: 75
 
- # deprecated: please use 'coverage' instead (env: SYFT_LICENSE_LICENSE_COVERAGE)
- license-coverage:
-
 file:
 metadata:
 # select which files should be captured by the file-metadata cataloger and included in the SBOM.
@@ -133,12 +125,12 @@ file:
 # - "all": capture all files from the search space
 # - "owned-by-package": capture only files owned by packages
 # - "none", "": do not capture any files (env: SYFT_FILE_METADATA_SELECTION)
- selection: 'owned-by-package'
+ selection: "owned-by-package"
 
 # the file digest algorithms to use when cataloging files (options: "md5", "sha1", "sha224", "sha256", "sha384", "sha512") (env: SYFT_FILE_METADATA_DIGESTS)
 digests:
- - 'sha1'
- - 'sha256'
+ - "sha1"
+ - "sha256"
 
 content:
 # skip searching a file entirely if it is above the given size (default = 1MB; unit = bytes) (env: SYFT_FILE_CONTENT_SKIP_FILES_ABOVE_SIZE)
@@ -152,7 +144,7 @@ file:
 globs: []
 
 # selection of layers to catalog, options=[squashed all-layers deep-squashed] (env: SYFT_SCOPE)
-scope: 'squashed'
+scope: "squashed"
 
 # number of cataloger workers to run in parallel
 # by default, when set to 0: this will be based on runtime.NumCPU * 4, if set to less than 0 it will be unbounded (env: SYFT_PARALLELISM)
@@ -167,10 +159,10 @@ relationships:
 
 compliance:
 # action to take when a package is missing a name (env: SYFT_COMPLIANCE_MISSING_NAME)
- missing-name: 'drop'
+ missing-name: "drop"
 
 # action to take when a package is missing a version (env: SYFT_COMPLIANCE_MISSING_VERSION)
- missing-version: 'stub'
+ missing-version: "stub"
 
 # Enable data enrichment operations, which can utilize services such as Maven Central and NPM.
 # By default all enrichment is disabled, use: all to enable everything.
@@ -196,25 +188,25 @@ golang:
 search-local-mod-cache-licenses:
 
 # specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod (env: SYFT_GOLANG_LOCAL_MOD_CACHE_DIR)
- local-mod-cache-dir: '~/go/pkg/mod'
+ local-mod-cache-dir: "~go~pkg~mod"
 
 # search for go package licences in the vendor folder on the system running Syft, note that this is outside the
 # container filesystem and potentially outside the root of a local directory scan (env: SYFT_GOLANG_SEARCH_LOCAL_VENDOR_LICENSES)
 search-local-vendor-licenses:
 
 # specify an explicit go vendor directory, if unset this defaults to ./vendor (env: SYFT_GOLANG_LOCAL_VENDOR_DIR)
- local-vendor-dir: ''
+ local-vendor-dir: ""
 
 # search for go package licences by retrieving the package from a network proxy (env: SYFT_GOLANG_SEARCH_REMOTE_LICENSES)
 search-remote-licenses:
 
 # remote proxy to use when retrieving go packages from the network,
 # if unset this defaults to $GOPROXY followed by https://proxy.golang.org (env: SYFT_GOLANG_PROXY)
- proxy: 'https://proxy.golang.org,direct'
+ proxy: "https://proxy.golang.org,direct"
 
 # specifies packages which should not be fetched by proxy
 # if unset this defaults to $GONOPROXY (env: SYFT_GOLANG_NO_PROXY)
- no-proxy: ''
+ no-proxy: ""
 
 main-module-version:
 # look for LD flags that appear to be setting a version (e.g. -X main.version=1.0.0) (env: SYFT_GOLANG_MAIN_MODULE_VERSION_FROM_LD_FLAGS)
@@ -243,10 +235,10 @@ java:
 
 # override the default location of the local Maven repository.
 # the default is the subdirectory '.m2/repository' in your home directory (env: SYFT_JAVA_MAVEN_LOCAL_REPOSITORY_DIR)
- maven-local-repository-dir: '~/.m2/repository'
+ maven-local-repository-dir: "~.m2~repository"
 
 # maven repository to use, defaults to Maven central (env: SYFT_JAVA_MAVEN_URL)
- maven-url: 'https://repo1.maven.org/maven2'
+ maven-url: "https://repo1.maven.org/maven2"
 
 # depth to recursively resolve parent POMs, no limit if <= 0 (env: SYFT_JAVA_MAX_PARENT_RECURSIVE_DEPTH)
 max-parent-recursive-depth: 0
@@ -259,7 +251,7 @@ javascript:
 search-remote-licenses:
 
 # base NPM url to use (env: SYFT_JAVASCRIPT_NPM_BASE_URL)
- npm-base-url: ''
+ npm-base-url: ""
 
 # include development-scoped dependencies (env: SYFT_JAVASCRIPT_INCLUDE_DEV_DEPENDENCIES)
 include-dev-dependencies:
@@ -296,36 +288,42 @@ registry:
 auth: []
 
 # filepath to a CA certificate (or directory containing *.crt, *.cert, *.pem) used to generate the client certificate (env: SYFT_REGISTRY_CA_CERT)
- ca-cert: ''
+ ca-cert: ""
 
 # specify the source behavior to use (e.g. docker, registry, oci-dir, ...) (env: SYFT_FROM)
 from: []
 
 # an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux') (env: SYFT_PLATFORM)
-platform: ''
+platform: ""
 
 source:
 # set the name of the target being analyzed (env: SYFT_SOURCE_NAME)
- name: ''
+ name: ""
 
 # set the version of the target being analyzed (env: SYFT_SOURCE_VERSION)
- version: ''
+ version: ""
+
+ # the organization that supplied the component, which often may be the manufacturer, distributor, or repackager (env: SYFT_SOURCE_SUPPLIER)
+ supplier: ""
+
+ # (env: SYFT_SOURCE_SOURCE)
+ source: ""
 
 # base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory (env: SYFT_SOURCE_BASE_PATH)
- base-path: ''
+ base-path: ""
 
 file:
 # the file digest algorithms to use on the scanned file (options: "md5", "sha1", "sha224", "sha256", "sha384", "sha512") (env: SYFT_SOURCE_FILE_DIGESTS)
 digests:
- - 'SHA-256'
+ - "SHA-256"
 
 image:
 # allows users to specify which image source should be used to generate the sbom
 # valid values are: registry, docker, podman (env: SYFT_SOURCE_IMAGE_DEFAULT_PULL_SOURCE)
- default-pull-source: ''
+ default-pull-source: ""
 
 # (env: SYFT_SOURCE_IMAGE_MAX_LAYER_SIZE)
- max-layer-size: ''
+ max-layer-size: ""
 
 # exclude paths from being scanned using a glob expression (env: SYFT_EXCLUDE)
 exclude: []
@@ -342,19 +340,19 @@ unknowns:
 
 cache:
 # root directory to cache any downloaded content; empty string will use an in-memory cache (env: SYFT_CACHE_DIR)
- dir: '~/Library/Caches/syft'
+ dir: "~.cache~syft"
 
 # time to live for cached data; setting this to 0 will disable caching entirely (env: SYFT_CACHE_TTL)
- ttl: '7d'
+ ttl: "7d"
 
 # show catalogers that have been de-selected (env: SYFT_SHOW_HIDDEN)
 show-hidden: false
 
 attest:
 # the key to use for the attestation (env: SYFT_ATTEST_KEY)
- key: ''
+ key: ""
 
 # password to decrypt to given private key
 # additionally responds to COSIGN_PASSWORD env var (env: SYFT_ATTEST_PASSWORD)
- password: ''
+ password: ""
 ```
diff --git a/content/docs/reference/commands/syft.md b/content/docs/reference/commands/syft.md
index 4828b926..81359016 100644
--- a/content/docs/reference/commands/syft.md
+++ b/content/docs/reference/commands/syft.md
@@ -1,7 +1,7 @@
 +++
 title = "Syft Command Line Reference"
 linkTitle = "Syft CLI"
-weight = 10
+weight = 20
 tags = ['syft']
 categories = ['reference']
 url = "docs/reference/commands/syft"
@@ -10,14 +10,15 @@ url = "docs/reference/commands/syft"
 ### `syft version`
 
 ```
-Application: syft
-Version: 1.24.0
-BuildDate: 2025-05-14T14:51:30Z
-GitCommit: 3c7018a853ab7b311db9ff70e1cf3113b46d9c0c
-GitDescription: v1.24.0
-Platform: darwin/arm64
-GoVersion: go1.24.3
-Compiler: gc
+Application: syft
+Version: 1.33.0
+BuildDate: 2025-09-15T20:38:16Z
+GitCommit: b87b9191497c2d410b42c05591347d428129fd2a
+GitDescription: v1.33.0
+Platform: linux/arm64
+GoVersion: go1.24.7
+Compiler: gc
+SchemaVersion: 16.0.39
 ```
 
 ### `syft help`
@@ -85,6 +86,7 @@ Flags:
 -s, --scope string selection of layers to catalog, options=[squashed all-layers deep-squashed] (default "squashed")
 --select-catalogers stringArray add, remove, and filter the catalogers to be used
 --source-name string set the name of the target being analyzed
+ --source-supplier string the organization that supplied the component, which often may be the manufacturer, distributor, or repackager
 --source-version string set the version of the target being analyzed
 -t, --template string specify the path to a Go template file
 -v, --verbose count increase verbosity (-v = info, -vv = debug)
@@ -93,6 +95,558 @@ Flags: Use "syft [command] --help" for more information about a command. ``` +### `syft attest` + +``` +Generate a packaged-based Software Bill Of Materials (SBOM) from a container image as the predicate of an in-toto attestation that will be uploaded to the image registry + +Usage: + syft attest --output [FORMAT] [flags] + +Examples: + syft attest --output [FORMAT] alpine:latest defaults to using images from a Docker daemon. If Docker is not present, the image is pulled directly from the registry + + You can also explicitly specify the scheme to use: + syft attest docker:yourrepo/yourimage:tag explicitly use the Docker daemon + syft attest podman:yourrepo/yourimage:tag explicitly use the Podman daemon + syft attest registry:yourrepo/yourimage:tag pull image directly from a registry (no container runtime required) + syft attest docker-archive:path/to/yourimage.tar use a tarball from disk for archives created from "docker save" + syft attest oci-archive:path/to/yourimage.tar use a tarball from disk for OCI archives (from Skopeo or otherwise) + syft attest oci-dir:path/to/yourimage read directly from a path on disk for OCI layout directories (from Skopeo or otherwise) + syft attest singularity:path/to/yourimage.sif read directly from a Singularity Image Format (SIF) container on disk + + +Flags: + --base-path string base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory + --enrich stringArray enable package data enrichment from local and online sources (options: all, golang, java, javascript) + --exclude stringArray exclude paths from being scanned using a glob expression + --from stringArray specify the source behavior to use (e.g. docker, registry, oci-dir, ...) 
+ -h, --help help for attest + -k, --key string the key to use for the attestation + -o, --output stringArray report output format (= to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json purls spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-json]) + --override-default-catalogers stringArray set the base set of catalogers to use (defaults to 'image' or 'directory' depending on the scan source) + --parallelism int number of cataloger workers to run in parallel + --platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux') + -s, --scope string selection of layers to catalog, options=[squashed all-layers deep-squashed] (default "squashed") + --select-catalogers stringArray add, remove, and filter the catalogers to be used + --source-name string set the name of the target being analyzed + --source-supplier string the organization that supplied the component, which often may be the manufacturer, distributor, or repackager + --source-version string set the version of the target being analyzed + +Global Flags: + -c, --config stringArray syft configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + +### `syft cataloger` + +``` +Show available catalogers and configuration + +Usage: + syft cataloger [command] + +Available Commands: + list List available catalogers + +Flags: + -h, --help help for cataloger + +Global Flags: + -c, --config stringArray syft configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) + +Use "syft cataloger [command] --help" for more information about a command. 
+``` + +### `syft cataloger list` + +``` +Default selections: 1 + • 'all' +Selection expressions: 0 +┌───────────────────────────┬───────────────────────┐ +│ FILE CATALOGER │ TAGS │ +├───────────────────────────┼───────────────────────┤ +│ file-content-cataloger │ content, file │ +│ file-digest-cataloger │ digest, file │ +│ file-executable-cataloger │ binary-metadata, file │ +│ file-metadata-cataloger │ file, file-metadata │ +└───────────────────────────┴───────────────────────┘ +┌────────────────────────────────────────┬──────────────────────────────────────────────────────────────────────────────────┐ +│ PACKAGE CATALOGER │ TAGS │ +├────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────┤ +│ alpm-db-cataloger │ alpm, archlinux, directory, image, installed, linux, os, package │ +│ apk-db-cataloger │ alpine, apk, directory, image, installed, linux, os, package │ +│ binary-classifier-cataloger │ binary, declared, directory, image, installed, package │ +│ bitnami-cataloger │ bitnami, image, installed, package │ +│ cargo-auditable-binary-cataloger │ binary, directory, image, installed, language, package, rust │ +│ cocoapods-cataloger │ cocoapods, declared, directory, language, package, swift │ +│ conan-cataloger │ conan, cpp, declared, directory, language, package │ +│ conan-info-cataloger │ conan, cpp, image, installed, language, package │ +│ conda-meta-cataloger │ conda, directory, installed, package │ +│ dart-pubspec-cataloger │ dart, declared, directory, language, package │ +│ dart-pubspec-lock-cataloger │ dart, declared, directory, language, package │ +│ deb-archive-cataloger │ deb, debian, declared, directory, linux, os, package │ +│ dotnet-deps-binary-cataloger │ c#, directory, dotnet, image, installed, language, package │ +│ dotnet-deps-cataloger │ deprecated, package │ +│ dotnet-packages-lock-cataloger │ c#, declared, directory, dotnet, image, language, package │ +│ 
dotnet-portable-executable-cataloger │ deprecated, package │ +│ dpkg-db-cataloger │ debian, directory, dpkg, image, installed, linux, os, package │ +│ elf-binary-package-cataloger │ binary, declared, directory, elf, elf-package, image, installed, package │ +│ elixir-mix-lock-cataloger │ declared, directory, elixir, language, package │ +│ erlang-otp-application-cataloger │ declared, directory, erlang, language, otp, package │ +│ erlang-rebar-lock-cataloger │ declared, directory, erlang, language, package │ +│ github-action-workflow-usage-cataloger │ declared, directory, github, github-actions, package │ +│ github-actions-usage-cataloger │ declared, directory, github, github-actions, package │ +│ go-module-binary-cataloger │ binary, directory, go, golang, gomod, image, installed, language, package │ +│ go-module-file-cataloger │ declared, directory, go, golang, gomod, language, package │ +│ graalvm-native-image-cataloger │ directory, image, installed, java, language, package │ +│ haskell-cataloger │ cabal, declared, directory, hackage, haskell, language, package │ +│ homebrew-cataloger │ directory, homebrew, image, installed, package │ +│ java-archive-cataloger │ directory, image, installed, java, language, maven, package │ +│ java-gradle-lockfile-cataloger │ declared, directory, gradle, java, language, package │ +│ java-jvm-cataloger │ declared, directory, image, installed, java, jdk, jre, jvm, package │ +│ java-pom-cataloger │ declared, directory, java, language, maven, package │ +│ javascript-lock-cataloger │ declared, directory, javascript, language, node, npm, package │ +│ javascript-package-cataloger │ image, installed, javascript, language, node, package │ +│ linux-kernel-cataloger │ declared, directory, image, installed, kernel, linux, package │ +│ lua-rock-cataloger │ directory, image, installed, language, lua, package │ +│ nix-cataloger │ directory, image, installed, language, nix, package │ +│ nix-store-cataloger │ deprecated, package │ +│ opam-cataloger │ 
declared, directory, language, ocaml, opam, package │ +│ pe-binary-package-cataloger │ binary, declared, directory, dll, exe, image, installed, package, pe, pe-package │ +│ php-composer-installed-cataloger │ composer, image, installed, language, package, php │ +│ php-composer-lock-cataloger │ composer, declared, directory, language, package, php │ +│ php-interpreter-cataloger │ binary, declared, directory, image, installed, package, php │ +│ php-pear-serialized-cataloger │ declared, directory, image, language, package, pear, php │ +│ php-pecl-serialized-cataloger │ deprecated, package │ +│ portage-cataloger │ directory, gentoo, image, installed, linux, os, package, portage │ +│ python-installed-package-cataloger │ directory, image, installed, language, package, python │ +│ python-package-cataloger │ declared, directory, language, package, python │ +│ r-package-cataloger │ directory, image, installed, language, package, r │ +│ rpm-archive-cataloger │ declared, directory, linux, os, package, redhat, rpm │ +│ rpm-db-cataloger │ directory, image, installed, linux, os, package, redhat, rpm │ +│ ruby-gemfile-cataloger │ declared, directory, gem, language, package, ruby │ +│ ruby-gemspec-cataloger │ declared, directory, gem, gemspec, language, package, ruby │ +│ ruby-installed-gemspec-cataloger │ gem, gemspec, image, installed, language, package, ruby │ +│ rust-cargo-lock-cataloger │ cargo, declared, directory, language, package, rust │ +│ sbom-cataloger │ package, sbom │ +│ swift-package-manager-cataloger │ declared, directory, language, package, spm, swift │ +│ swipl-pack-cataloger │ declared, directory, language, pack, package, swipl │ +│ terraform-lock-cataloger │ declared, directory, package, terraform │ +│ wordpress-plugins-cataloger │ directory, image, package, wordpress │ +└────────────────────────────────────────┴──────────────────────────────────────────────────────────────────────────────────┘ +``` + +### `syft config` + +``` +log: + # suppress all logging 
output (env: SYFT_LOG_QUIET) + quiet: false + + # increase verbosity (-v = info, -vv = debug) (env: SYFT_LOG_VERBOSITY) + verbosity: 0 + + # explicitly set the logging level (available: [error warn info debug trace]) (env: SYFT_LOG_LEVEL) + level: 'warn' + + # file path to write logs to (env: SYFT_LOG_FILE) + file: '' + +dev: + # capture resource profiling data (available: [cpu, mem]) (env: SYFT_DEV_PROFILE) + profile: '' + +# the configuration file(s) used to load application configuration (env: SYFT_CONFIG) +config: '' + +# the output format(s) of the SBOM report (options: syft-table, syft-text, syft-json, spdx-json, ...) +# to specify multiple output files in differing formats, use a list: +# output: +# - "syft-json=" +# - "spdx-json=" (env: SYFT_OUTPUT) +output: + - 'syft-table' + +# file to write the default report output to (default is STDOUT) (env: SYFT_LEGACYFILE) +legacyFile: '' + +format: + # default value for all formats that support the "pretty" option (default is unset) (env: SYFT_FORMAT_PRETTY) + pretty: + + template: + # path to the template file to use when rendering the output with the template output format. + # Note that all template paths are based on the current syft-json schema (env: SYFT_FORMAT_TEMPLATE_PATH) + path: '' + + # if true, uses the go structs for the syft-json format for templating. + # if false, uses the syft-json output for templating (which follows the syft JSON schema exactly). + # + # Note: long term support for this option is not guaranteed (it may change or break at any time) (env: SYFT_FORMAT_TEMPLATE_LEGACY) + legacy: false + + json: + # transform any syft-json output to conform to an approximation of the v11.0.1 schema. This includes: + # - using the package metadata type names from before v12 of the JSON schema (changed in https://github.com/anchore/syft/pull/1983) + # + # Note: this will still include package types and fields that were added at or after json schema v12. 
This means + # that output might not strictly be json schema v11 compliant, however, for consumers that require time to port + # over to the final syft 1.0 json output this option can be used to ease the transition. + # + # Note: long term support for this option is not guaranteed (it may change or break at any time) (env: SYFT_FORMAT_JSON_LEGACY) + legacy: false + + # include space indentation and newlines + # note: inherits default value from 'format.pretty' or 'false' if parent is unset (env: SYFT_FORMAT_JSON_PRETTY) + pretty: + + spdx-json: + # include space indentation and newlines + # note: inherits default value from 'format.pretty' or 'false' if parent is unset (env: SYFT_FORMAT_SPDX_JSON_PRETTY) + pretty: + + cyclonedx-json: + # include space indentation and newlines + # note: inherits default value from 'format.pretty' or 'false' if parent is unset (env: SYFT_FORMAT_CYCLONEDX_JSON_PRETTY) + pretty: + + cyclonedx-xml: + # include space indentation and newlines + # note: inherits default value from 'format.pretty' or 'false' if parent is unset (env: SYFT_FORMAT_CYCLONEDX_XML_PRETTY) + pretty: + +# whether to check for an application update on start up or not (env: SYFT_CHECK_FOR_APP_UPDATE) +check-for-app-update: true + +# enable one or more package catalogers (env: SYFT_CATALOGERS) +catalogers: [] + +# set the base set of catalogers to use (defaults to 'image' or 'directory' depending on the scan source) (env: SYFT_DEFAULT_CATALOGERS) +default-catalogers: [] + +# add, remove, and filter the catalogers to be used (env: SYFT_SELECT_CATALOGERS) +select-catalogers: [] + +package: + # search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc) + # note: enabling this may result in a performance impact since all discovered compressed tars will be decompressed + # note: for now this only applies to the java package cataloger (env: SYFT_PACKAGE_SEARCH_UNINDEXED_ARCHIVES) + search-unindexed-archives: false + + # search 
within archives that do contain a file index to search against (zip) + # note: for now this only applies to the java package cataloger (env: SYFT_PACKAGE_SEARCH_INDEXED_ARCHIVES) + search-indexed-archives: true + + # allows users to exclude synthetic binary packages from the sbom + # these packages are removed if an overlap with a non-synthetic package is found (env: SYFT_PACKAGE_EXCLUDE_BINARY_OVERLAP_BY_OWNERSHIP) + exclude-binary-overlap-by-ownership: true + +license: + # include the content of licenses in the SBOM for a given syft scan; valid values are: [all unknown none] (env: SYFT_LICENSE_CONTENT) + content: 'none' + + # adjust the percent as a fraction of the total text, in normalized words, that + # matches any valid license for the given inputs, expressed as a percentage across all of the licenses matched. (env: SYFT_LICENSE_COVERAGE) + coverage: 75 + +file: + metadata: + # select which files should be captured by the file-metadata cataloger and included in the SBOM. + # Options include: + # - "all": capture all files from the search space + # - "owned-by-package": capture only files owned by packages + # - "none", "": do not capture any files (env: SYFT_FILE_METADATA_SELECTION) + selection: 'owned-by-package' + + # the file digest algorithms to use when cataloging files (options: "md5", "sha1", "sha224", "sha256", "sha384", "sha512") (env: SYFT_FILE_METADATA_DIGESTS) + digests: + - 'sha1' + - 'sha256' + + content: + # skip searching a file entirely if it is above the given size (default = 1MB; unit = bytes) (env: SYFT_FILE_CONTENT_SKIP_FILES_ABOVE_SIZE) + skip-files-above-size: 256000 + + # file globs for the cataloger to match on (env: SYFT_FILE_CONTENT_GLOBS) + globs: [] + + executable: + # file globs for the cataloger to match on (env: SYFT_FILE_EXECUTABLE_GLOBS) + globs: [] + +# selection of layers to catalog, options=[squashed all-layers deep-squashed] (env: SYFT_SCOPE) +scope: 'squashed' + +# number of cataloger workers to run in parallel +# by 
default, when set to 0: this will be based on runtime.NumCPU * 4, if set to less than 0 it will be unbounded (env: SYFT_PARALLELISM) +parallelism: 0 + +relationships: + # include package-to-file relationships that indicate which files are owned by which packages (env: SYFT_RELATIONSHIPS_PACKAGE_FILE_OWNERSHIP) + package-file-ownership: true + + # include package-to-package relationships that indicate one package is owned by another due to files claimed to be owned by one package are also evidence of another package's existence (env: SYFT_RELATIONSHIPS_PACKAGE_FILE_OWNERSHIP_OVERLAP) + package-file-ownership-overlap: true + +compliance: + # action to take when a package is missing a name (env: SYFT_COMPLIANCE_MISSING_NAME) + missing-name: 'drop' + + # action to take when a package is missing a version (env: SYFT_COMPLIANCE_MISSING_VERSION) + missing-version: 'stub' + +# Enable data enrichment operations, which can utilize services such as Maven Central and NPM. +# By default all enrichment is disabled, use: all to enable everything. +# Available options are: all, golang, java, javascript (env: SYFT_ENRICH) +enrich: [] + +dotnet: + # only keep dep.json packages which an executable on disk is found. The package is also included if a DLL is found for any child package, even if the package itself does not have a DLL. (env: SYFT_DOTNET_DEP_PACKAGES_MUST_HAVE_DLL) + dep-packages-must-have-dll: false + + # only keep dep.json packages which have a runtime/resource DLL claimed in the deps.json targets section (but not necessarily found on disk). The package is also included if any child package claims a DLL, even if the package itself does not claim a DLL. 
(env: SYFT_DOTNET_DEP_PACKAGES_MUST_CLAIM_DLL) + dep-packages-must-claim-dll: true + + # treat DLL claims or on-disk evidence for child packages as DLL claims or on-disk evidence for any parent package (env: SYFT_DOTNET_PROPAGATE_DLL_CLAIMS_TO_PARENTS) + propagate-dll-claims-to-parents: true + + # show all packages from the deps.json if bundling tooling is present as a dependency (e.g. ILRepack) (env: SYFT_DOTNET_RELAX_DLL_CLAIMS_WHEN_BUNDLING_DETECTED) + relax-dll-claims-when-bundling-detected: true + +golang: + # search for go package licences in the GOPATH of the system running Syft, note that this is outside the + # container filesystem and potentially outside the root of a local directory scan (env: SYFT_GOLANG_SEARCH_LOCAL_MOD_CACHE_LICENSES) + search-local-mod-cache-licenses: + + # specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod (env: SYFT_GOLANG_LOCAL_MOD_CACHE_DIR) + local-mod-cache-dir: '~go~pkg~mod' + + # search for go package licences in the vendor folder on the system running Syft, note that this is outside the + # container filesystem and potentially outside the root of a local directory scan (env: SYFT_GOLANG_SEARCH_LOCAL_VENDOR_LICENSES) + search-local-vendor-licenses: + + # specify an explicit go vendor directory, if unset this defaults to ./vendor (env: SYFT_GOLANG_LOCAL_VENDOR_DIR) + local-vendor-dir: '' + + # search for go package licences by retrieving the package from a network proxy (env: SYFT_GOLANG_SEARCH_REMOTE_LICENSES) + search-remote-licenses: + + # remote proxy to use when retrieving go packages from the network, + # if unset this defaults to $GOPROXY followed by https://proxy.golang.org (env: SYFT_GOLANG_PROXY) + proxy: 'https://proxy.golang.org,direct' + + # specifies packages which should not be fetched by proxy + # if unset this defaults to $GONOPROXY (env: SYFT_GOLANG_NO_PROXY) + no-proxy: '' + + main-module-version: + # look for LD flags that appear to be setting a version 
(e.g. -X main.version=1.0.0) (env: SYFT_GOLANG_MAIN_MODULE_VERSION_FROM_LD_FLAGS) + from-ld-flags: true + + # search for semver-like strings in the binary contents (env: SYFT_GOLANG_MAIN_MODULE_VERSION_FROM_CONTENTS) + from-contents: false + + # use the build settings (e.g. vcs.version & vcs.time) to craft a v0 pseudo version + # (e.g. v0.0.0-20220308212642-53e6d0aaf6fb) when a more accurate version cannot be found otherwise (env: SYFT_GOLANG_MAIN_MODULE_VERSION_FROM_BUILD_SETTINGS) + from-build-settings: true + +java: + # enables Syft to use the network to fetch version and license information for packages when + # a parent or imported pom file is not found in the local maven repository. + # the pom files are downloaded from the remote Maven repository at 'maven-url' (env: SYFT_JAVA_USE_NETWORK) + use-network: + + # use the local Maven repository to retrieve pom files. When Maven is installed and was previously used + # for building the software that is being scanned, then most pom files will be available in this + # repository on the local file system. this greatly speeds up scans. when all pom files are available + # in the local repository, then 'use-network' is not needed. + # TIP: If you want to download all required pom files to the local repository without running a full + # build, run 'mvn help:effective-pom' before performing the scan with syft. (env: SYFT_JAVA_USE_MAVEN_LOCAL_REPOSITORY) + use-maven-local-repository: + + # override the default location of the local Maven repository. 
+ # the default is the subdirectory '.m2/repository' in your home directory (env: SYFT_JAVA_MAVEN_LOCAL_REPOSITORY_DIR) + maven-local-repository-dir: '~.m2~repository' + + # maven repository to use, defaults to Maven central (env: SYFT_JAVA_MAVEN_URL) + maven-url: 'https://repo1.maven.org/maven2' + + # depth to recursively resolve parent POMs, no limit if <= 0 (env: SYFT_JAVA_MAX_PARENT_RECURSIVE_DEPTH) + max-parent-recursive-depth: 0 + + # resolve transient dependencies such as those defined in a dependency's POM on Maven central (env: SYFT_JAVA_RESOLVE_TRANSITIVE_DEPENDENCIES) + resolve-transitive-dependencies: false + +javascript: + # enables Syft to use the network to fill in more detailed license information (env: SYFT_JAVASCRIPT_SEARCH_REMOTE_LICENSES) + search-remote-licenses: + + # base NPM url to use (env: SYFT_JAVASCRIPT_NPM_BASE_URL) + npm-base-url: '' + + # include development-scoped dependencies (env: SYFT_JAVASCRIPT_INCLUDE_DEV_DEPENDENCIES) + include-dev-dependencies: + +linux-kernel: + # whether to catalog linux kernel modules found within lib/modules/** directories (env: SYFT_LINUX_KERNEL_CATALOG_MODULES) + catalog-modules: true + +nix: + # enumerate all files owned by packages found within Nix store paths (env: SYFT_NIX_CAPTURE_OWNED_FILES) + capture-owned-files: false + +python: + # when running across entries in requirements.txt that do not specify a specific version + # (e.g. "sqlalchemy >= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0"), attempt to guess what the version could + # be based on the version requirements specified (e.g. "1.0.0"). When enabled the lowest expressible version + # when given an arbitrary constraint will be used (even if that version may not be available/published). 
(env: SYFT_PYTHON_GUESS_UNPINNED_REQUIREMENTS) + guess-unpinned-requirements: false + +registry: + # skip TLS verification when communicating with the registry (env: SYFT_REGISTRY_INSECURE_SKIP_TLS_VERIFY) + insecure-skip-tls-verify: false + + # use http instead of https when connecting to the registry (env: SYFT_REGISTRY_INSECURE_USE_HTTP) + insecure-use-http: false + + # Authentication credentials for specific registries. Each entry describes authentication for a specific authority: + # - authority: the registry authority URL the URL to the registry (e.g. "docker.io", "localhost:5000", etc.) (env: SYFT_REGISTRY_AUTH_AUTHORITY) + # username: a username if using basic credentials (env: SYFT_REGISTRY_AUTH_USERNAME) + # password: a corresponding password (env: SYFT_REGISTRY_AUTH_PASSWORD) + # token: a token if using token-based authentication, mutually exclusive with username/password (env: SYFT_REGISTRY_AUTH_TOKEN) + # tls-cert: filepath to the client certificate used for TLS authentication to the registry (env: SYFT_REGISTRY_AUTH_TLS_CERT) + # tls-key: filepath to the client key used for TLS authentication to the registry (env: SYFT_REGISTRY_AUTH_TLS_KEY) + auth: [] + + # filepath to a CA certificate (or directory containing *.crt, *.cert, *.pem) used to generate the client certificate (env: SYFT_REGISTRY_CA_CERT) + ca-cert: '' + +# specify the source behavior to use (e.g. docker, registry, oci-dir, ...) (env: SYFT_FROM) +from: [] + +# an optional platform specifier for container image sources (e.g. 
'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux') (env: SYFT_PLATFORM) +platform: '' + +source: + # set the name of the target being analyzed (env: SYFT_SOURCE_NAME) + name: '' + + # set the version of the target being analyzed (env: SYFT_SOURCE_VERSION) + version: '' + + # the organization that supplied the component, which often may be the manufacturer, distributor, or repackager (env: SYFT_SOURCE_SUPPLIER) + supplier: '' + + # (env: SYFT_SOURCE_SOURCE) + source: '' + + # base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory (env: SYFT_SOURCE_BASE_PATH) + base-path: '' + + file: + # the file digest algorithms to use on the scanned file (options: "md5", "sha1", "sha224", "sha256", "sha384", "sha512") (env: SYFT_SOURCE_FILE_DIGESTS) + digests: + - 'SHA-256' + + image: + # allows users to specify which image source should be used to generate the sbom + # valid values are: registry, docker, podman (env: SYFT_SOURCE_IMAGE_DEFAULT_PULL_SOURCE) + default-pull-source: '' + + # (env: SYFT_SOURCE_IMAGE_MAX_LAYER_SIZE) + max-layer-size: '' + +# exclude paths from being scanned using a glob expression (env: SYFT_EXCLUDE) +exclude: [] + +unknowns: + # remove unknown errors on files with discovered packages (env: SYFT_UNKNOWNS_REMOVE_WHEN_PACKAGES_DEFINED) + remove-when-packages-defined: true + + # include executables without any identified packages (env: SYFT_UNKNOWNS_EXECUTABLES_WITHOUT_PACKAGES) + executables-without-packages: true + + # include archives which were not expanded and searched (env: SYFT_UNKNOWNS_UNEXPANDED_ARCHIVES) + unexpanded-archives: true + +cache: + # root directory to cache any downloaded content; empty string will use an in-memory cache (env: SYFT_CACHE_DIR) + dir: '~.cache~syft' + + # time to live for cached data; setting this to 0 will disable caching entirely (env: SYFT_CACHE_TTL) + ttl: '7d' + +# show catalogers that have been de-selected (env: SYFT_SHOW_HIDDEN) 
+show-hidden: false + +attest: + # the key to use for the attestation (env: SYFT_ATTEST_KEY) + key: '' + + # password to decrypt to given private key + # additionally responds to COSIGN_PASSWORD env var (env: SYFT_ATTEST_PASSWORD) + password: '' +``` + +### `syft convert` + +``` +[Experimental] Convert SBOM files to, and from, SPDX, CycloneDX and Syft's format. For more info about data loss between formats see https://github.com/anchore/syft/wiki/format-conversion + +Usage: + syft convert [SOURCE-SBOM] -o [FORMAT] [flags] + +Examples: + syft convert img.syft.json -o spdx-json convert a syft SBOM to spdx-json, output goes to stdout + syft convert img.syft.json -o cyclonedx-json=img.cdx.json convert a syft SBOM to CycloneDX, output is written to the file "img.cdx.json" + syft convert - -o spdx-json convert an SBOM from STDIN to spdx-json + + +Flags: + --file string file to write the default report output to (default is STDOUT) (DEPRECATED: use: --output FORMAT=PATH) + -h, --help help for convert + -o, --output stringArray report output format (= to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json purls spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-table]) + -t, --template string specify the path to a Go template file + +Global Flags: + -c, --config stringArray syft configuration file(s) to use + --profile stringArray configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + +### `syft login` + +``` +Log in to a registry + +Usage: + syft login [OPTIONS] [SERVER] [flags] + +Examples: + # Log in to reg.example.com + syft login reg.example.com -u AzureDiamond -p hunter2 + +Flags: + -h, --help help for login + -p, --password string Password + --password-stdin Take the password from stdin + -u, --username string Username + +Global Flags: + -c, --config stringArray syft configuration file(s) to use + --profile stringArray 
configuration profiles to use + -q, --quiet suppress all logging output + -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + ### `syft scan` ``` @@ -143,6 +697,7 @@ Flags: -s, --scope string selection of layers to catalog, options=[squashed all-layers deep-squashed] (default "squashed") --select-catalogers stringArray add, remove, and filter the catalogers to be used --source-name string set the name of the target being analyzed + --source-supplier string the organization that supplied the component, which often may be the manufacturer, distributor, or repackager --source-version string set the version of the target being analyzed -t, --template string specify the path to a Go template file 
@@ -152,30 +707,3 @@ Global Flags: -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` - -### `syft convert` - -``` -[Experimental] Convert SBOM files to, and from, SPDX, CycloneDX and Syft's format. For more info about data loss between formats see https://github.com/anchore/syft/wiki/format-conversion - -Usage: - syft convert [SOURCE-SBOM] -o [FORMAT] [flags] - -Examples: - syft convert img.syft.json -o spdx-json convert a syft SBOM to spdx-json, output goes to stdout - syft convert img.syft.json -o cyclonedx-json=img.cdx.json convert a syft SBOM to CycloneDX, output is written to the file "img.cdx.json" - syft convert - -o spdx-json convert an SBOM from STDIN to spdx-json - - -Flags: - --file string file to write the default report output to (default is STDOUT) (DEPRECATED: use: --output FORMAT=PATH) - -h, --help help for convert - -o, --output stringArray report output format (= to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json purls spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-table]) - -t, --template string specify the path to a Go template file - -Global Flags: - -c, --config stringArray syft configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) -``` diff --git a/cspell.json b/cspell.json index cbe8cd69..aecdb710 100644 --- a/cspell.json +++ b/cspell.json @@ -276,7 +276,8 @@ "Kubeflow", "Michał", "Polański", - "Brun" + "Brun", + "repackager" ], "ignorePaths": [ "themes/**", @@ -287,7 +288,8 @@ "*.min.js", "*.min.css", "content/docs/releases/**", - "content/docs/about/adopters.md" + "content/docs/about/adopters.md", + "content/docs/reference/**" ], "ignoreRegExpList": ["/\\b[A-Fa-f0-9]{7,}\\b/g", "/\\bv\\d+\\.\\d+\\.\\d+/g", "/https?:\\/\\/[^\\s]+/g"], "allowCompoundWords": true, 
diff --git a/scripts/generate-reference-cli-docs.py b/scripts/generate-reference-cli-docs.py
new file mode 100755
index 00000000..59ebf515
--- /dev/null
+++ b/scripts/generate-reference-cli-docs.py
@@ -0,0 +1,188 @@ +#!/usr/bin/env python3 +""" +Generate command reference documentation from container images. +Supports Cobra-based CLIs (like Syft and Grype). +""" +import subprocess +import sys +import os +import argparse +from collections import deque + + +def run_docker_command(image, cmd_parts, timeout=10): + """Run a command inside a Docker container.""" + docker_cmd = ['docker', 'run', '--rm', image] + cmd_parts + try: + result = subprocess.run(docker_cmd, + capture_output=True, text=True, timeout=timeout) + return result.stdout, result.stderr, result.returncode + except subprocess.TimeoutExpired: + return "", "Command timed out", 1 + except Exception as e: + return "", str(e), 1 + + +def get_version_info(image, app_name): + """Get version information from the app.""" + stdout, stderr, returncode = run_docker_command(image, ['version']) + if returncode == 0: + return stdout.strip() + raise RuntimeError(f"Failed to retrieve version info from the image '{image}'.") + + +def get_subcommands(image, cmd_parts): + """Extract subcommands from help output.""" + stdout, stderr, returncode = run_docker_command(image, cmd_parts + ['help']) + + if returncode != 0: + return [] + + lines = stdout.split('\n') + in_commands_section = False + commands = [] + + for line in lines: + if 'Available Commands:' in line: + in_commands_section = True + continue + elif in_commands_section: + if line.startswith(' ') and line.strip(): + cmd = line.strip().split()[0] + if cmd not in ['help', 'completion', 'version']: + commands.append(cmd) + elif line.strip() == '' or not line.startswith(' '): + break + + return commands + + +def get_command_help(image, cmd_parts): + """Get help output for a specific command.""" + print(" ...Getting help output for command:", ' '.join(cmd_parts) if cmd_parts else '(main help)') + + # Try both 'help' and '--help' patterns + for help_flag in ['help', '--help']: + if help_flag == 'help': + full_cmd = cmd_parts + [help_flag] + else: + full_cmd = cmd_parts 
+ [help_flag] + + stdout, stderr, returncode = run_docker_command(image, full_cmd) + if returncode == 0 and stdout.strip(): + return stdout.strip() + + raise RuntimeError(f"Failed to retrieve help for command: {' '.join(cmd_parts)}") + + +def discover_all_commands(image, app_name): + """Discover all commands recursively.""" + queue = deque([([], [])]) # Start with empty cmd_parts since container runs tool directly + all_commands = [] + + while queue: + cmd_parts, path = queue.popleft() + + # Record current command path + if path: + all_commands.append(path.copy()) + + # Get subcommands + subcommands = get_subcommands(image, cmd_parts) + + # Add subcommands to queue + for subcmd in subcommands: + new_cmd_parts = cmd_parts + [subcmd] + new_path = path + [subcmd] + queue.append((new_cmd_parts, new_path)) + + return all_commands + + +def generate_markdown_content(image, app_name, tool_name): + """Generate the complete markdown content.""" + # Prepare tool name for display + tool_display = tool_name.title() + + # Generate front matter + content = f"""+++ +title = "{tool_display} Command Line Reference" +linkTitle = "{tool_display} CLI" +weight = 20 +tags = ['{tool_name.lower()}'] +categories = ['reference'] +url = "docs/reference/commands/{tool_name.lower()}" ++++ + +""" + + # Add version information + version_info = get_version_info(image, app_name) + content += f"### `{app_name} version`\n\n```\n{version_info}\n```\n\n" + + # Add main help + main_help = get_command_help(image, []) # Empty cmd_parts for main help + content += f"### `{app_name} help`\n\n```\n{main_help}\n```\n\n" + + # Discover and add all subcommands + commands = discover_all_commands(image, app_name) + + # Sort commands to ensure consistent output + commands.sort() + + for cmd_path in commands: + cmd_string = ' '.join(cmd_path) + + help_output = get_command_help(image, cmd_path) # Use cmd_path directly since container runs tool directly + content += f"### `{app_name} 
{cmd_string}`\n\n```\n{help_output}\n```\n\n" + + return content + + +def main(): + parser = argparse.ArgumentParser(description='Generate command reference documentation') + parser.add_argument('image', help='Container image (e.g., anchore/syft:latest)') + parser.add_argument('--output', '-o', required=True, help='Output markdown file path') + parser.add_argument('--tool-name', help='Tool name for documentation (auto-detected if not provided)') + parser.add_argument('--app-name', help='App binary name (auto-detected if not provided)') + parser.add_argument('--mock', action='store_true', help='Generate mock documentation for testing') + + args = parser.parse_args() + + # Auto-detect tool and app names if not provided + if not args.tool_name: + # Extract tool name from image name (e.g., anchore/syft:latest -> syft) + image_parts = args.image.split('/') + if len(image_parts) > 1: + tool_part = image_parts[-1].split(':')[0] + else: + tool_part = args.image.split(':')[0] + args.tool_name = tool_part + + if not args.app_name: + args.app_name = args.tool_name + + print(f"Generating CLI docs for {args.tool_name} using image {args.image}...") + + # Create output directory if it doesn't exist + output_dir = os.path.dirname(args.output) + if output_dir and not os.path.exists(output_dir): + os.makedirs(output_dir, exist_ok=True) + + # Generate markdown content + try: + content = generate_markdown_content(args.image, args.app_name, args.tool_name) + + # Write to file + with open(args.output, 'w', encoding='utf-8') as f: + f.write(content) + + print(f"CLI docs generated successfully: {args.output}") + + except Exception as e: + print(f"Error generating documentation: {e}", file=sys.stderr) + sys.exit(1) + + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/scripts/generate-reference-config-docs.py b/scripts/generate-reference-config-docs.py new file mode 100755 index 00000000..cedfb3b7 --- /dev/null +++ b/scripts/generate-reference-config-docs.py 
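Review bot: `get_subcommands` and the first pass of `get_command_help` append the word `help` after the command path, which is only safe for commands that have children. Cobra normally registers the `help` child only on commands with subcommands, so for a leaf such as `convert` or `login` this most likely runs the real command inside the container with `help` as its positional argument (an input file, a registry server), and the non-zero exit is then silently read as "no subcommands". Probing with the flag keeps discovery free of side effects: `stdout, stderr, returncode = run_docker_command(image, cmd_parts + ['--help'])` in `get_subcommands`, and a single `--help` call in `get_command_help` in place of the two-pattern loop. Once only `--help` is used, a non-zero return in `get_subcommands` can raise instead of returning `[]`, so a timeout no longer drops a whole command subtree from the generated page without an error.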
@@ -0,0 +1,106 @@ +#!/usr/bin/env python3 +""" +Generate configuration documentation from container images. +Supports tools that have a 'config' subcommand (like Syft and Grype). +""" +import subprocess +import sys +import os +import argparse + + +def run_docker_command(image, cmd_parts, timeout=10): + """Run a command inside a Docker container.""" + docker_cmd = ['docker', 'run', '--rm', image] + cmd_parts + try: + result = subprocess.run(docker_cmd, + capture_output=True, text=True, timeout=timeout) + return result.stdout, result.stderr, result.returncode + except subprocess.TimeoutExpired: + return "", "Command timed out", 1 + except Exception as e: + return "", str(e), 1 + + +def get_config_output(image): + """Get configuration output from the app.""" + stdout, stderr, returncode = run_docker_command(image, ['config']) + if returncode == 0: + return stdout.strip() + return None + + +def generate_markdown_content(image, app_name, tool_name): + """Generate the complete markdown content for config documentation.""" + # Prepare tool name for display + tool_display = tool_name.title() + + # Generate front matter + content = f"""+++ +title = "{tool_display} Default Configuration" +linkTitle = "{tool_display} Default Config" +weight = 25 +tags = ['{tool_name.lower()}'] +categories = ['reference'] +url = "docs/reference/commands/{tool_name.lower()}-config" ++++ + +""" + + # Get configuration output + config_output = get_config_output(image) + + if config_output: + content += f"```yaml\n{config_output}\n```\n\n" + else: + raise RuntimeError(f"Failed to retrieve configuration from the image '{image}'.") + + return content + + +def main(): + parser = argparse.ArgumentParser(description='Generate configuration reference documentation') + parser.add_argument('image', help='Container image (e.g., anchore/syft:latest)') + parser.add_argument('--output', '-o', required=True, help='Output markdown file path') + parser.add_argument('--tool-name', help='Tool name for 
documentation (auto-detected if not provided)') + parser.add_argument('--app-name', help='App binary name (auto-detected if not provided)') + + args = parser.parse_args() + + # Auto-detect tool and app names if not provided + if not args.tool_name: + # Extract tool name from image name (e.g., anchore/syft:latest -> syft) + image_parts = args.image.split('/') + if len(image_parts) > 1: + tool_part = image_parts[-1].split(':')[0] + else: + tool_part = args.image.split(':')[0] + args.tool_name = tool_part + + if not args.app_name: + args.app_name = args.tool_name + + print(f"Generating configuration docs for {args.tool_name} using image {args.image}...") + + # Create output directory if it doesn't exist + output_dir = os.path.dirname(args.output) + if output_dir and not os.path.exists(output_dir): + os.makedirs(output_dir, exist_ok=True) + + # Generate markdown content + try: + content = generate_markdown_content(args.image, args.app_name, args.tool_name) + + # Write to file + with open(args.output, 'w', encoding='utf-8') as f: + f.write(content) + + print(f"Configuration docs generated successfully: {args.output}") + + except Exception as e: + print(f"Error generating configuration documentation: {e}", file=sys.stderr) + sys.exit(1) + + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/tasks.d/generate.yaml b/tasks.d/generate.yaml new file mode 100644 index 00000000..c9d2b7bb --- /dev/null +++ b/tasks.d/generate.yaml 
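Review bot: `get_config_output` discards `stderr` and the return code, so every failure surfaces as the same "Failed to retrieve configuration" message whether Docker is missing, the image could not be pulled, or the 10-second timeout in `run_docker_command` fired. `docker run` pulls an image that is not present locally, so unless the image is pulled beforehand the first call is likely to hit that timeout on a cold runner; the same helper is duplicated in `generate-reference-cli-docs.py` and behaves identically there. I would raise from `get_config_output` with the cause, e.g. `raise RuntimeError(f"'config' failed in image '{image}' (exit {returncode}): {stderr.strip()}")`, and pass a longer `timeout` for the first invocation. The `app_name` parameter of `generate_markdown_content` is unused in this script and could be dropped or documented.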
@@ -0,0 +1,64 @@ +version: '3' + +tasks: + # Syft tasks + syft:cli: + desc: Generate Syft command line reference documentation + dir: scripts + cmds: + - python3 generate-reference-cli-docs.py anchore/syft:latest --output ../content/docs/reference/commands/syft.md --tool-name syft + + syft:config: + desc: Generate Syft configuration reference documentation + dir: scripts + cmds: + - python3 generate-reference-config-docs.py anchore/syft:latest --output ../content/docs/reference/commands/syft-config.md --tool-name syft + + syft: + desc: Generate all Syft documentation (CLI + config) + deps: + - syft:cli + - syft:config + + # Grype tasks + grype:cli: + desc: Generate Grype command line reference documentation + dir: scripts + cmds: + - python3 generate-reference-cli-docs.py anchore/grype:latest --output ../content/docs/reference/commands/grype.md --tool-name grype + + grype:config: + desc: Generate Grype configuration reference documentation + dir: scripts + cmds: + - python3 generate-reference-config-docs.py anchore/grype:latest --output ../content/docs/reference/commands/grype-config.md --tool-name grype + + grype: + desc: Generate all Grype documentation (CLI + config) + deps: + - grype:cli + - grype:config + + # Master task to generate all reference documentation + reference: + desc: Generate all reference documentation (Syft + Grype, CLI + config) + deps: + - syft + - grype + + # Trigger GitHub Actions workflow to generate docs and create PR + reference:pr: + desc: Trigger GitHub Actions workflow to generate reference docs and create PR + cmds: + - | + echo "🚀 Triggering GitHub Actions workflow to generate reference docs..." + if gh workflow run update-reference-docs.yaml; then + echo "✅ Workflow triggered successfully!" + echo "📍 Check progress: gh run list --workflow=update-reference-docs.yaml" + echo "📍 Or visit: https://github.com/$(gh repo view --json owner,name -q '.owner.login + \"/\" + .name')/actions" + else + echo "❌ Failed to trigger workflow. 
Make sure:" + echo " 1. The workflow file is committed and pushed to the default branch" + echo " 2. You're authenticated with GitHub CLI (gh auth login)" + echo " 3. You have workflow dispatch permissions on this repository" + fi From c00b34a81515eaeda6c63814128581c3814488ad Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Mon, 29 Sep 2025 16:36:40 -0400 Subject: [PATCH 2/2] add python tests and tooling 
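Review bot: All four generator commands run `anchore/syft:latest` or `anchore/grype:latest`, a mutable tag, so the committed reference pages depend on whatever the registry serves when the task runs, or on a stale local copy, since `docker run` does not refresh a tag that is already cached. Because `reference:pr` feeds this output into an automated pull request, pinning each image by release tag and digest makes the result reproducible and reviewable, for example `anchore/syft:<release-tag>@sha256:<digest>` (placeholders), held in a Taskfile variable so that a tool's `cli` and `config` tasks share one value. A short comment above `syft:cli` noting that the tasks need a working Docker daemon and execute the named image would also help a first-time contributor.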
Signed-off-by: Alex Goodman --- .github/actions/bootstrap/action.yaml | 35 +- .github/dependabot.yml | 2 +- .github/workflows/update-reference-docs.yaml | 6 +- .github/workflows/validations.yaml | 2 +- .github/zizmor.yml | 2 +- .gitignore | 9 +- .lychee.toml | 2 +- .markdownlint-cli2.jsonc | 2 +- .markdownlint.jsonc | 2 +- .pre-commit-config.yaml | 93 ++++ .prettierignore | 2 +- Makefile | 2 +- Taskfile.yml | 66 +-- content/docs/contributing/_index.md | 8 +- content/docs/contributing/syft/_index.md | 2 +- content/docs/reference/_index.md | 4 +- content/docs/reference/commands/grype.md | 394 ++----------- content/docs/reference/commands/syft.md | 526 ++---------------- content/docs/releases/grant/_index.md | 2 +- content/docs/releases/grant/v0.1.0.md | 22 +- content/docs/releases/grant/v0.1.1.md | 36 +- content/docs/releases/grant/v0.2.0.md | 10 +- content/docs/releases/grant/v0.2.1.md | 10 +- content/docs/releases/grant/v0.2.2.md | 29 +- content/docs/releases/grant/v0.2.6.md | 9 +- content/docs/releases/grype-db/_index.md | 2 +- content/docs/releases/grype-db/v0.14.0.md | 20 +- content/docs/releases/grype-db/v0.16.0.md | 12 +- content/docs/releases/grype-db/v0.19.1.md | 14 +- content/docs/releases/grype-db/v0.23.3.md | 10 +- content/docs/releases/grype/_index.md | 2 +- content/docs/releases/grype/v0.1.0-beta.1.md | 2 - content/docs/releases/grype/v0.1.0-beta.11.md | 4 +- content/docs/releases/grype/v0.1.0-beta.2.md | 2 - content/docs/releases/grype/v0.1.0-beta.3.md | 2 - content/docs/releases/grype/v0.1.0-beta.4.md | 2 - content/docs/releases/grype/v0.1.0-beta.5.md | 66 +-- content/docs/releases/grype/v0.1.0-beta.6.md | 10 +- content/docs/releases/grype/v0.10.2.md | 59 +- content/docs/releases/grype/v0.11.0.md | 44 +- content/docs/releases/grype/v0.12.1.md | 59 +- content/docs/releases/grype/v0.13.0.md | 46 +- content/docs/releases/grype/v0.15.0.md | 59 +- content/docs/releases/grype/v0.16.0.md | 37 +- content/docs/releases/grype/v0.17.0.md | 44 +- 
content/docs/releases/grype/v0.18.0.md | 43 +- content/docs/releases/grype/v0.19.0.md | 45 +- content/docs/releases/grype/v0.2.0.md | 38 +- content/docs/releases/grype/v0.20.0.md | 51 +- content/docs/releases/grype/v0.21.0.md | 42 +- content/docs/releases/grype/v0.22.0.md | 41 +- content/docs/releases/grype/v0.23.0.md | 38 +- content/docs/releases/grype/v0.24.0.md | 48 +- content/docs/releases/grype/v0.24.1.md | 22 +- content/docs/releases/grype/v0.25.0.md | 18 +- content/docs/releases/grype/v0.25.1.md | 11 +- content/docs/releases/grype/v0.26.1.md | 25 +- content/docs/releases/grype/v0.27.0.md | 20 +- content/docs/releases/grype/v0.27.1.md | 24 +- content/docs/releases/grype/v0.27.2.md | 22 +- content/docs/releases/grype/v0.27.3.md | 23 +- content/docs/releases/grype/v0.28.0.md | 39 +- content/docs/releases/grype/v0.29.0.md | 30 +- content/docs/releases/grype/v0.3.0.md | 29 +- content/docs/releases/grype/v0.30.0.md | 21 +- content/docs/releases/grype/v0.31.1.md | 31 +- content/docs/releases/grype/v0.32.0.md | 28 +- content/docs/releases/grype/v0.33.0.md | 22 +- content/docs/releases/grype/v0.33.1.md | 12 +- content/docs/releases/grype/v0.34.1.md | 26 +- content/docs/releases/grype/v0.34.3.md | 12 +- content/docs/releases/grype/v0.34.4.md | 20 +- content/docs/releases/grype/v0.34.6.md | 12 +- content/docs/releases/grype/v0.34.7.md | 14 +- content/docs/releases/grype/v0.35.0.md | 30 +- content/docs/releases/grype/v0.36.0.md | 22 +- content/docs/releases/grype/v0.36.1.md | 7 +- content/docs/releases/grype/v0.37.0.md | 28 +- content/docs/releases/grype/v0.38.0.md | 12 +- content/docs/releases/grype/v0.39.0.md | 22 +- content/docs/releases/grype/v0.4.0.md | 32 +- content/docs/releases/grype/v0.40.0.md | 2 +- content/docs/releases/grype/v0.40.1.md | 21 +- content/docs/releases/grype/v0.41.0.md | 25 +- content/docs/releases/grype/v0.43.0.md | 23 +- content/docs/releases/grype/v0.44.0.md | 14 +- content/docs/releases/grype/v0.45.0.md | 26 +- 
content/docs/releases/grype/v0.46.0.md | 14 +- content/docs/releases/grype/v0.47.0.md | 20 +- content/docs/releases/grype/v0.48.0.md | 21 +- content/docs/releases/grype/v0.5.0.md | 34 +- content/docs/releases/grype/v0.50.0.md | 11 +- content/docs/releases/grype/v0.50.1.md | 8 +- content/docs/releases/grype/v0.51.0.md | 25 +- content/docs/releases/grype/v0.52.0.md | 2 +- content/docs/releases/grype/v0.53.0.md | 14 +- content/docs/releases/grype/v0.54.0.md | 28 +- content/docs/releases/grype/v0.55.0.md | 28 +- content/docs/releases/grype/v0.56.0.md | 22 +- content/docs/releases/grype/v0.57.0.md | 33 +- content/docs/releases/grype/v0.6.0.md | 27 +- content/docs/releases/grype/v0.6.1.md | 20 +- content/docs/releases/grype/v0.60.0.md | 20 +- content/docs/releases/grype/v0.61.0.md | 24 +- content/docs/releases/grype/v0.61.1.md | 4 +- content/docs/releases/grype/v0.62.0.md | 50 +- content/docs/releases/grype/v0.62.1.md | 15 +- content/docs/releases/grype/v0.62.3.md | 16 +- content/docs/releases/grype/v0.63.0.md | 24 +- content/docs/releases/grype/v0.64.0.md | 32 +- content/docs/releases/grype/v0.64.1.md | 20 +- content/docs/releases/grype/v0.64.2.md | 12 +- content/docs/releases/grype/v0.65.1.md | 2 +- content/docs/releases/grype/v0.65.2.md | 20 +- content/docs/releases/grype/v0.66.0.md | 40 +- content/docs/releases/grype/v0.67.0.md | 2 +- content/docs/releases/grype/v0.68.0.md | 28 +- content/docs/releases/grype/v0.68.1.md | 16 +- content/docs/releases/grype/v0.7.0.md | 22 +- content/docs/releases/grype/v0.70.0.md | 16 +- content/docs/releases/grype/v0.73.0.md | 30 +- content/docs/releases/grype/v0.73.4.md | 9 +- content/docs/releases/grype/v0.74.0.md | 26 +- content/docs/releases/grype/v0.74.1.md | 18 +- content/docs/releases/grype/v0.74.7.md | 18 +- content/docs/releases/grype/v0.76.0.md | 24 +- content/docs/releases/grype/v0.77.3.md | 8 +- content/docs/releases/grype/v0.78.0.md | 2 +- content/docs/releases/grype/v0.79.1.md | 10 +- content/docs/releases/grype/v0.8.0.md 
| 29 +- content/docs/releases/grype/v0.80.1.md | 16 +- content/docs/releases/grype/v0.84.0.md | 26 +- content/docs/releases/grype/v0.85.0.md | 28 +- content/docs/releases/grype/v0.86.0.md | 2 +- content/docs/releases/grype/v0.87.0.md | 2 +- content/docs/releases/grype/v0.88.0.md | 76 +-- content/docs/releases/grype/v0.89.0.md | 22 +- content/docs/releases/grype/v0.9.0.md | 43 +- content/docs/releases/grype/v0.92.0.md | 2 +- content/docs/releases/grype/v0.96.1.md | 14 +- content/docs/releases/grype/v0.97.2.md | 20 +- content/docs/releases/grype/v0.99.0.md | 32 +- content/docs/releases/sbom-action/_index.md | 2 +- content/docs/releases/sbom-action/v0.1.0.md | 4 +- content/docs/releases/sbom-action/v0.10.0.md | 6 +- content/docs/releases/sbom-action/v0.11.0.md | 4 +- content/docs/releases/sbom-action/v0.12.0.md | 10 +- content/docs/releases/sbom-action/v0.13.0.md | 8 +- content/docs/releases/sbom-action/v0.13.1.md | 6 +- content/docs/releases/sbom-action/v0.13.2.md | 4 +- content/docs/releases/sbom-action/v0.13.3.md | 4 +- content/docs/releases/sbom-action/v0.13.4.md | 8 +- content/docs/releases/sbom-action/v0.14.1.md | 4 +- content/docs/releases/sbom-action/v0.14.2.md | 8 +- content/docs/releases/sbom-action/v0.14.3.md | 4 +- content/docs/releases/sbom-action/v0.15.0.md | 20 +- content/docs/releases/sbom-action/v0.15.1.md | 8 +- content/docs/releases/sbom-action/v0.15.10.md | 6 +- content/docs/releases/sbom-action/v0.15.11.md | 8 +- content/docs/releases/sbom-action/v0.15.2.md | 6 +- content/docs/releases/sbom-action/v0.15.3.md | 4 +- content/docs/releases/sbom-action/v0.15.4.md | 4 +- content/docs/releases/sbom-action/v0.15.5.md | 4 +- content/docs/releases/sbom-action/v0.15.6.md | 4 +- content/docs/releases/sbom-action/v0.15.7.md | 4 +- content/docs/releases/sbom-action/v0.15.8.md | 4 +- content/docs/releases/sbom-action/v0.15.9.md | 6 +- content/docs/releases/sbom-action/v0.16.0.md | 10 +- content/docs/releases/sbom-action/v0.16.1.md | 12 +- 
content/docs/releases/sbom-action/v0.17.0.md | 4 +- content/docs/releases/sbom-action/v0.17.1.md | 4 +- content/docs/releases/sbom-action/v0.17.2.md | 4 +- content/docs/releases/sbom-action/v0.17.3.md | 4 +- content/docs/releases/sbom-action/v0.17.4.md | 4 +- content/docs/releases/sbom-action/v0.17.5.md | 4 +- content/docs/releases/sbom-action/v0.17.6.md | 6 +- content/docs/releases/sbom-action/v0.17.7.md | 4 +- content/docs/releases/sbom-action/v0.17.8.md | 4 +- content/docs/releases/sbom-action/v0.17.9.md | 6 +- content/docs/releases/sbom-action/v0.18.0.md | 8 +- content/docs/releases/sbom-action/v0.19.0.md | 8 +- content/docs/releases/sbom-action/v0.2.0.md | 4 +- content/docs/releases/sbom-action/v0.20.0.md | 4 +- content/docs/releases/sbom-action/v0.20.1.md | 4 +- content/docs/releases/sbom-action/v0.20.2.md | 4 +- content/docs/releases/sbom-action/v0.20.3.md | 4 +- content/docs/releases/sbom-action/v0.20.4.md | 4 +- content/docs/releases/sbom-action/v0.20.5.md | 4 +- content/docs/releases/sbom-action/v0.3.0.md | 8 +- content/docs/releases/sbom-action/v0.4.0.md | 16 +- content/docs/releases/sbom-action/v0.5.0.md | 6 +- content/docs/releases/sbom-action/v0.6.0.md | 4 +- content/docs/releases/sbom-action/v0.7.0.md | 4 +- content/docs/releases/sbom-action/v0.8.0.md | 6 +- content/docs/releases/sbom-action/v0.9.0.md | 12 +- content/docs/releases/scan-action/_index.md | 2 +- content/docs/releases/scan-action/v1.0.3.md | 2 - content/docs/releases/scan-action/v1.0.4.md | 2 - content/docs/releases/scan-action/v2.0.0.md | 30 +- content/docs/releases/scan-action/v2.0.1.md | 14 +- content/docs/releases/scan-action/v2.0.2.md | 6 +- content/docs/releases/scan-action/v2.0.4.md | 4 +- content/docs/releases/scan-action/v3.0.0.md | 10 +- content/docs/releases/scan-action/v3.1.0.md | 4 +- content/docs/releases/scan-action/v3.2.0.md | 10 +- content/docs/releases/scan-action/v3.2.1.md | 4 +- content/docs/releases/scan-action/v3.2.2.md | 6 +- 
content/docs/releases/scan-action/v3.2.3.md | 4 +- content/docs/releases/scan-action/v3.2.4.md | 6 +- content/docs/releases/scan-action/v3.2.5.md | 6 +- content/docs/releases/scan-action/v3.3.0.md | 8 +- content/docs/releases/scan-action/v3.3.1.md | 4 +- content/docs/releases/scan-action/v3.3.2.md | 4 +- content/docs/releases/scan-action/v3.3.3.md | 6 +- content/docs/releases/scan-action/v3.3.4.md | 4 +- content/docs/releases/scan-action/v3.3.5.md | 8 +- content/docs/releases/scan-action/v3.3.6.md | 8 +- content/docs/releases/scan-action/v3.3.7.md | 28 +- content/docs/releases/scan-action/v3.3.8.md | 8 +- content/docs/releases/scan-action/v3.4.0.md | 10 +- content/docs/releases/scan-action/v3.5.0.md | 6 +- content/docs/releases/scan-action/v3.6.0.md | 6 +- content/docs/releases/scan-action/v3.6.1.md | 6 +- content/docs/releases/scan-action/v3.6.2.md | 4 +- content/docs/releases/scan-action/v3.6.3.md | 4 +- content/docs/releases/scan-action/v3.6.4.md | 4 +- content/docs/releases/scan-action/v4.0.0.md | 8 +- content/docs/releases/scan-action/v4.1.0.md | 4 +- content/docs/releases/scan-action/v4.1.1.md | 6 +- content/docs/releases/scan-action/v4.1.2.md | 4 +- content/docs/releases/scan-action/v5.0.0.md | 16 +- content/docs/releases/scan-action/v5.0.1.md | 4 +- content/docs/releases/scan-action/v5.1.0.md | 8 +- content/docs/releases/scan-action/v5.2.0.md | 8 +- content/docs/releases/scan-action/v5.2.1.md | 6 +- content/docs/releases/scan-action/v5.3.0.md | 10 +- content/docs/releases/scan-action/v6.0.0.md | 41 +- content/docs/releases/scan-action/v6.1.0.md | 8 +- content/docs/releases/scan-action/v6.2.0.md | 4 +- content/docs/releases/scan-action/v6.3.0.md | 4 +- content/docs/releases/scan-action/v6.4.0.md | 14 +- content/docs/releases/scan-action/v6.5.0.md | 6 +- content/docs/releases/scan-action/v6.5.1.md | 4 +- content/docs/releases/stereoscope/_index.md | 2 +- content/docs/releases/stereoscope/v0.0.1.md | 7 +- content/docs/releases/stereoscope/v0.0.10.md | 12 +- 
content/docs/releases/stereoscope/v0.0.2.md | 22 +- content/docs/releases/stereoscope/v0.0.3.md | 8 +- content/docs/releases/stereoscope/v0.0.4.md | 8 +- content/docs/releases/stereoscope/v0.0.5.md | 10 +- content/docs/releases/stereoscope/v0.0.8.md | 20 +- content/docs/releases/stereoscope/v0.0.9.md | 10 +- content/docs/releases/stereoscope/v0.1.0.md | 72 +-- content/docs/releases/stereoscope/v0.1.10.md | 27 +- content/docs/releases/stereoscope/v0.1.9.md | 20 +- content/docs/releases/syft/_index.md | 2 +- content/docs/releases/syft/v0.1.0-beta.1.md | 2 - content/docs/releases/syft/v0.1.0-beta.3.md | 58 +- content/docs/releases/syft/v0.1.0-beta.4.md | 10 +- content/docs/releases/syft/v0.1.0-beta.5.md | 62 +-- content/docs/releases/syft/v0.10.0.md | 23 +- content/docs/releases/syft/v0.11.0.md | 36 +- content/docs/releases/syft/v0.11.1.md | 20 +- content/docs/releases/syft/v0.12.0.md | 28 +- content/docs/releases/syft/v0.12.1.md | 22 +- content/docs/releases/syft/v0.12.2.md | 22 +- content/docs/releases/syft/v0.12.3.md | 20 +- content/docs/releases/syft/v0.12.4.md | 20 +- content/docs/releases/syft/v0.12.5.md | 20 +- content/docs/releases/syft/v0.12.6.md | 20 +- content/docs/releases/syft/v0.12.7.md | 22 +- content/docs/releases/syft/v0.13.0.md | 30 +- content/docs/releases/syft/v0.13.1.md | 20 +- content/docs/releases/syft/v0.14.0.md | 32 +- content/docs/releases/syft/v0.15.1.md | 87 ++- content/docs/releases/syft/v0.15.2.md | 33 +- content/docs/releases/syft/v0.16.1.md | 45 +- content/docs/releases/syft/v0.17.0.md | 43 +- content/docs/releases/syft/v0.17.1.md | 33 +- content/docs/releases/syft/v0.18.0.md | 43 +- content/docs/releases/syft/v0.19.0.md | 39 +- content/docs/releases/syft/v0.19.1.md | 35 +- content/docs/releases/syft/v0.2.0.md | 29 +- content/docs/releases/syft/v0.20.0.md | 47 +- content/docs/releases/syft/v0.21.0.md | 40 +- content/docs/releases/syft/v0.23.0.md | 49 +- content/docs/releases/syft/v0.24.0.md | 41 +- content/docs/releases/syft/v0.24.1.md 
| 33 +- content/docs/releases/syft/v0.25.0.md | 49 +- content/docs/releases/syft/v0.26.0.md | 41 +- content/docs/releases/syft/v0.27.0.md | 25 +- content/docs/releases/syft/v0.28.0.md | 26 +- content/docs/releases/syft/v0.29.0.md | 24 +- content/docs/releases/syft/v0.3.0.md | 35 +- content/docs/releases/syft/v0.30.1.md | 35 +- content/docs/releases/syft/v0.31.0.md | 39 +- content/docs/releases/syft/v0.32.0.md | 35 +- content/docs/releases/syft/v0.32.1.md | 25 +- content/docs/releases/syft/v0.32.2.md | 25 +- content/docs/releases/syft/v0.33.0.md | 22 +- content/docs/releases/syft/v0.34.0.md | 24 +- content/docs/releases/syft/v0.35.0.md | 42 +- content/docs/releases/syft/v0.35.1.md | 15 +- content/docs/releases/syft/v0.36.0.md | 38 +- content/docs/releases/syft/v0.37.10.md | 22 +- content/docs/releases/syft/v0.38.0.md | 26 +- content/docs/releases/syft/v0.39.3.md | 32 +- content/docs/releases/syft/v0.4.0.md | 32 +- content/docs/releases/syft/v0.4.1.md | 22 +- content/docs/releases/syft/v0.40.0.md | 22 +- content/docs/releases/syft/v0.40.1.md | 12 +- content/docs/releases/syft/v0.41.0.md | 20 +- content/docs/releases/syft/v0.41.1.md | 12 +- content/docs/releases/syft/v0.41.4.md | 26 +- content/docs/releases/syft/v0.41.5.md | 12 +- content/docs/releases/syft/v0.41.6.md | 12 +- content/docs/releases/syft/v0.42.0.md | 20 +- content/docs/releases/syft/v0.42.1.md | 16 +- content/docs/releases/syft/v0.42.2.md | 12 +- content/docs/releases/syft/v0.42.3.md | 12 +- content/docs/releases/syft/v0.42.4.md | 13 +- content/docs/releases/syft/v0.43.0.md | 24 +- content/docs/releases/syft/v0.43.2.md | 12 +- content/docs/releases/syft/v0.44.0.md | 14 +- content/docs/releases/syft/v0.44.1.md | 16 +- content/docs/releases/syft/v0.45.0.md | 22 +- content/docs/releases/syft/v0.45.1.md | 16 +- content/docs/releases/syft/v0.46.0.md | 28 +- content/docs/releases/syft/v0.46.1.md | 12 +- content/docs/releases/syft/v0.46.2.md | 16 +- content/docs/releases/syft/v0.46.3.md | 16 +- 
content/docs/releases/syft/v0.47.0.md | 29 +- content/docs/releases/syft/v0.48.0.md | 2 +- content/docs/releases/syft/v0.48.1.md | 12 +- content/docs/releases/syft/v0.49.0.md | 30 +- content/docs/releases/syft/v0.5.0.md | 34 +- content/docs/releases/syft/v0.5.1.md | 22 +- content/docs/releases/syft/v0.51.0.md | 32 +- content/docs/releases/syft/v0.52.0.md | 22 +- content/docs/releases/syft/v0.53.0.md | 22 +- content/docs/releases/syft/v0.53.1.md | 12 +- content/docs/releases/syft/v0.54.0.md | 2 +- content/docs/releases/syft/v0.55.0.md | 28 +- content/docs/releases/syft/v0.56.0.md | 20 +- content/docs/releases/syft/v0.57.0.md | 16 +- content/docs/releases/syft/v0.58.0.md | 19 +- content/docs/releases/syft/v0.59.0.md | 24 +- content/docs/releases/syft/v0.6.0.md | 30 +- content/docs/releases/syft/v0.60.1.md | 2 +- content/docs/releases/syft/v0.61.0.md | 46 +- content/docs/releases/syft/v0.62.1.md | 16 +- content/docs/releases/syft/v0.62.2.md | 17 +- content/docs/releases/syft/v0.62.3.md | 25 +- content/docs/releases/syft/v0.63.0.md | 26 +- content/docs/releases/syft/v0.64.0.md | 32 +- content/docs/releases/syft/v0.65.0.md | 22 +- content/docs/releases/syft/v0.66.0.md | 31 +- content/docs/releases/syft/v0.66.1.md | 13 +- content/docs/releases/syft/v0.66.2.md | 14 +- content/docs/releases/syft/v0.68.0.md | 28 +- content/docs/releases/syft/v0.68.1.md | 20 +- content/docs/releases/syft/v0.69.0.md | 22 +- content/docs/releases/syft/v0.69.1.md | 14 +- content/docs/releases/syft/v0.7.0.md | 31 +- content/docs/releases/syft/v0.7.1.md | 20 +- content/docs/releases/syft/v0.70.0.md | 28 +- content/docs/releases/syft/v0.71.0.md | 28 +- content/docs/releases/syft/v0.72.1.md | 20 +- content/docs/releases/syft/v0.73.0.md | 28 +- content/docs/releases/syft/v0.74.0.md | 48 +- content/docs/releases/syft/v0.74.1.md | 22 +- content/docs/releases/syft/v0.75.0.md | 20 +- content/docs/releases/syft/v0.76.0.md | 54 +- content/docs/releases/syft/v0.76.1.md | 14 +- 
content/docs/releases/syft/v0.77.0.md | 16 +- content/docs/releases/syft/v0.78.0.md | 26 +- content/docs/releases/syft/v0.79.0.md | 30 +- content/docs/releases/syft/v0.8.0.md | 30 +- content/docs/releases/syft/v0.80.0.md | 2 +- content/docs/releases/syft/v0.81.0.md | 42 +- content/docs/releases/syft/v0.82.0.md | 23 +- content/docs/releases/syft/v0.83.0.md | 44 +- content/docs/releases/syft/v0.83.1.md | 16 +- content/docs/releases/syft/v0.84.1.md | 26 +- content/docs/releases/syft/v0.85.0.md | 52 +- content/docs/releases/syft/v0.86.0.md | 40 +- content/docs/releases/syft/v0.86.1.md | 12 +- content/docs/releases/syft/v0.87.0.md | 2 +- content/docs/releases/syft/v0.87.1.md | 22 +- content/docs/releases/syft/v0.88.0.md | 2 +- content/docs/releases/syft/v0.89.0.md | 38 +- content/docs/releases/syft/v0.9.0.md | 30 +- content/docs/releases/syft/v0.9.1.md | 18 +- content/docs/releases/syft/v0.9.2.md | 19 +- content/docs/releases/syft/v0.90.0.md | 2 +- content/docs/releases/syft/v0.91.0.md | 48 +- content/docs/releases/syft/v0.95.0.md | 69 ++- content/docs/releases/syft/v0.98.0.md | 65 +-- content/docs/releases/syft/v1.0.0.md | 28 +- content/docs/releases/syft/v1.11.0.md | 38 +- content/docs/releases/syft/v1.16.0.md | 22 +- content/docs/releases/syft/v1.19.0.md | 30 +- content/docs/releases/syft/v1.20.0.md | 46 +- content/docs/releases/syft/v1.27.0.md | 38 +- content/docs/releases/syft/v1.3.0.md | 34 +- content/docs/releases/syft/v1.30.0.md | 16 +- content/docs/releases/syft/v1.32.0.md | 30 +- content/docs/releases/syft/v1.4.0.md | 52 +- content/docs/releases/syft/v1.5.0.md | 44 +- content/docs/releases/vunnel/_index.md | 2 +- content/docs/releases/vunnel/v0.1.0.md | 20 +- content/docs/releases/vunnel/v0.1.1.md | 4 +- content/docs/releases/vunnel/v0.1.2.md | 12 +- content/docs/releases/vunnel/v0.1.3.md | 14 +- content/docs/releases/vunnel/v0.1.4.md | 4 +- content/docs/releases/vunnel/v0.12.1.md | 9 +- content/docs/releases/vunnel/v0.15.3.md | 13 +- 
content/docs/releases/vunnel/v0.16.0.md | 12 +- content/docs/releases/vunnel/v0.17.5.md | 22 +- content/docs/releases/vunnel/v0.18.2.md | 15 +- content/docs/releases/vunnel/v0.18.3.md | 12 +- content/docs/releases/vunnel/v0.18.5.md | 8 +- content/docs/releases/vunnel/v0.2.0.md | 24 +- content/docs/releases/vunnel/v0.3.0.md | 24 +- content/docs/releases/vunnel/v0.3.1.md | 12 +- content/docs/releases/vunnel/v0.3.2.md | 8 +- content/docs/releases/vunnel/v0.7.0.md | 12 +- content/docs/releases/vunnel/v0.8.1.md | 21 +- data/adopters.json | 6 +- layouts/_partials/navbar.html | 2 +- layouts/docs/baseof.html | 2 +- layouts/shortcodes/adopters-list.html | 2 +- pyproject.toml | 67 +++ scripts/.gitignore | 1 - scripts/README.md | 6 +- scripts/generate-adopters-info.sh | 12 +- scripts/generate-reference-cli-docs.py | 188 ------- scripts/generate-release-notes.sh | 12 +- scripts/generate_reference_cli_docs.py | 357 ++++++++++++ ...s.py => generate_reference_config_docs.py} | 133 +++-- scripts/release-to-hugo.py | 125 +++-- scripts/validate-hugo.sh | 2 +- static/images/logos/anchore-logo-inverted.svg | 2 +- .../logos/anchore-logo-minimal-inverted.svg | 2 +- static/images/logos/anchore-logo.svg | 2 +- tasks.d/generate.yaml | 75 +-- tasks.d/hugo.yaml | 75 +++ tasks.d/python.yaml | 55 ++ tests/__init__.py | 0 tests/conftest.py | 0 .../basic-help-with-description-and-usage.txt | 10 + .../description-already-ends-with-period.txt | 4 + ...owercase-first-letter-gets-capitalized.txt | 4 + ...ultiple-empty-lines-between-paragraphs.txt | 11 + ...description-with-only-whitespace-lines.txt | 4 + .../description-with-trailing-empty-lines.txt | 5 + .../split_help_output/empty-description.txt | 5 + .../main-help-includes-global-flags.txt | 10 + .../multi-paragraph-description.txt | 9 + .../split_help_output/no-usage-line-found.txt | 2 + ...ain-help-truncates-before-global-flags.txt | 10 + .../single-character-description.txt | 4 + .../description.txt | 1 + .../details.txt | 5 + 
.../description.txt | 1 + .../details.txt | 2 + .../description.txt | 1 + .../details.txt | 2 + .../description.txt | 5 + .../details.txt | 2 + .../description.txt | 0 .../details.txt | 2 + .../description.txt | 1 + .../details.txt | 2 + .../empty-description-False/description.txt | 0 .../empty-description-False/details.txt | 5 + .../description.txt | 1 + .../details.txt | 8 + .../description.txt | 3 + .../details.txt | 5 + .../no-usage-line-found-False/description.txt | 0 .../no-usage-line-found-False/details.txt | 2 + .../description.txt | 1 + .../details.txt | 5 + .../description.txt | 1 + .../details.txt | 2 + tests/test_generate_reference_cli_docs.py | 36 ++ uv.lock | 412 ++++++++++++++ 488 files changed, 5587 insertions(+), 5372 deletions(-) create mode 100644 .pre-commit-config.yaml create mode 100644 pyproject.toml delete mode 100644 scripts/.gitignore delete mode 100755 scripts/generate-reference-cli-docs.py create mode 100755 scripts/generate_reference_cli_docs.py rename scripts/{generate-reference-config-docs.py => generate_reference_config_docs.py} (60%) create mode 100644 tasks.d/hugo.yaml create mode 100644 tasks.d/python.yaml create mode 100644 tests/__init__.py create mode 100644 tests/conftest.py create mode 100644 tests/fixtures/split_help_output/basic-help-with-description-and-usage.txt create mode 100644 tests/fixtures/split_help_output/description-already-ends-with-period.txt create mode 100644 tests/fixtures/split_help_output/description-with-lowercase-first-letter-gets-capitalized.txt create mode 100644 tests/fixtures/split_help_output/description-with-multiple-empty-lines-between-paragraphs.txt create mode 100644 tests/fixtures/split_help_output/description-with-only-whitespace-lines.txt create mode 100644 tests/fixtures/split_help_output/description-with-trailing-empty-lines.txt create mode 100644 tests/fixtures/split_help_output/empty-description.txt create mode 100644 tests/fixtures/split_help_output/main-help-includes-global-flags.txt 
create mode 100644 tests/fixtures/split_help_output/multi-paragraph-description.txt create mode 100644 tests/fixtures/split_help_output/no-usage-line-found.txt create mode 100644 tests/fixtures/split_help_output/non-main-help-truncates-before-global-flags.txt create mode 100644 tests/fixtures/split_help_output/single-character-description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/basic-help-with-description-and-usage-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/basic-help-with-description-and-usage-False/details.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-already-ends-with-period-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-already-ends-with-period-False/details.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-lowercase-first-letter-gets-capitalized-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-lowercase-first-letter-gets-capitalized-False/details.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-multiple-empty-lines-between-paragraphs-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-multiple-empty-lines-between-paragraphs-False/details.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-only-whitespace-lines-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-only-whitespace-lines-False/details.txt create mode 100644 
tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-trailing-empty-lines-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-trailing-empty-lines-False/details.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/empty-description-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/empty-description-False/details.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/main-help-includes-global-flags-True/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/main-help-includes-global-flags-True/details.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/multi-paragraph-description-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/multi-paragraph-description-False/details.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/no-usage-line-found-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/no-usage-line-found-False/details.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/non-main-help-truncates-before-global-flags-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/non-main-help-truncates-before-global-flags-False/details.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/single-character-description-False/description.txt create mode 100644 tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/single-character-description-False/details.txt create mode 100644 
tests/test_generate_reference_cli_docs.py create mode 100644 uv.lock diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml index 7e3a23ea..1c7e209c 100644 --- a/.github/actions/bootstrap/action.yaml +++ b/.github/actions/bootstrap/action.yaml @@ -20,31 +20,34 @@ inputs: bootstrap-apt-packages: description: "Space delimited list of tools to install via apt" default: "" - python: - description: "Whether to install Python" - required: false - default: "false" python-version: description: "Python version to install" required: false default: "3.11" + uv-version: + description: "UV version to install" + required: true + default: "0.5.16" runs: using: "composite" steps: - name: Setup node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 if: inputs.node-version != '' with: node-version: ${{ inputs.node-version }} cache: 'npm' - - name: Setup Python - uses: actions/setup-python@v5 - if: inputs.python == 'true' + - uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0 + if: inputs.python-version != '' + with: + enable-cache: true + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + if: inputs.python-version != '' with: python-version: ${{ inputs.python-version }} - cache: 'pip' - name: Restore tool cache if: inputs.tools == 'true' @@ -60,15 +63,10 @@ runs: run: make tools - name: Install dependencies - if: inputs.dependencies == 'true' && inputs.node-version != '' + if: inputs.dependencies == 'true' shell: bash run: make install - - name: Install CI dependencies - if: inputs.dependencies == 'true' && inputs.node-version != '' - shell: bash - run: npm ci - - name: Install apt packages if: inputs.bootstrap-apt-packages != '' shell: bash 
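Review bot: The new `uv-version` input is never consumed. The `astral-sh/setup-uv` step added in this hunk passes only `enable-cache: true`, so the `0.5.16` default has no effect and the job installs whatever uv version the action resolves on its own. Add `version: ${{ inputs.uv-version }}` under that step's `with:` so the tool version is pinned as tightly as the action SHA beside it. The input is also declared `required: true` while carrying a default; `required: false` would match `python-version` just above it.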
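Review bot: Removing the `Install CI dependencies` step drops the only `npm ci` call in this action, and `npm ci` is what fails the job when the lockfile and manifest disagree. Whether `make install` still installs strictly from the lockfile depends on the `hugo:install` task, which is defined outside this hunk; if it runs `npm install`, CI can resolve versions the lockfile does not record. The relaxed condition `if: inputs.dependencies == 'true'` also runs `make install` when the node setup step was skipped because `node-version` is empty. Either keep a lockfile-strict install in the task or restore the `inputs.node-version != ''` guard for the npm part.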
@@ -77,3 +75,10 @@ runs: run: | IFS=' ' read -ra packages <<< "$APT_PACKAGES" DEBIAN_FRONTEND=noninteractive sudo apt update && sudo -E apt install -y "${packages[@]}" + + - name: Restore ecosystem tool cache + if: inputs.tools == 'true' + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: ${{ github.workspace }}/.cache + key: ${{ inputs.cache-key-prefix }}-${{ runner.os }}-ecosystem-tool diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c71be586..6ebc0c8f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -18,4 +18,4 @@ updates: open-pull-requests-limit: 5 commit-message: prefix: "actions" - include: "scope" \ No newline at end of file + include: "scope" diff --git a/.github/workflows/update-reference-docs.yaml b/.github/workflows/update-reference-docs.yaml index 1de457e8..a9efc216 100644 --- a/.github/workflows/update-reference-docs.yaml +++ b/.github/workflows/update-reference-docs.yaml @@ -9,7 +9,7 @@ on: branches: - main paths: - - 'scripts/generate-reference-*' + - 'scripts/generate_reference_*' - 'tasks.d/generate.yaml' permissions: @@ -31,8 +31,6 @@ jobs: - name: Bootstrap environment uses: ./.github/actions/bootstrap - with: - python: true - name: Generate reference documentation run: | @@ -94,4 +92,4 @@ jobs: automated reference draft: false - delete-branch: true \ No newline at end of file + delete-branch: true diff --git a/.github/workflows/validations.yaml b/.github/workflows/validations.yaml index 3b37424d..dae95e06 100644 --- a/.github/workflows/validations.yaml +++ b/.github/workflows/validations.yaml @@ -28,7 +28,7 @@ jobs: - name: Restore link check cache uses: actions/cache@v4 with: - path: .lycheecache + path: .cache/lychee key: cache-lychee - name: Run validations diff --git a/.github/zizmor.yml b/.github/zizmor.yml index a7d77300..01c57e82 100644 --- a/.github/zizmor.yml +++ b/.github/zizmor.yml @@ -1 +1 @@ -rules: \ No newline at end of file +rules: 
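Review bot: The key for the new `Restore ecosystem tool cache` step, `${{ inputs.cache-key-prefix }}-${{ runner.os }}-ecosystem-tool`, contains nothing derived from the cached content. Once an entry exists, every run gets an exact hit and `actions/cache` never saves a fresh copy, so `.cache` stays frozen until someone changes the prefix. Whatever was first stored there is then restored into every job that uses this action, including jobs with write permissions. Add a content hash to the key, for example `-${{ hashFiles('uv.lock') }}`, and narrow `path` from the whole `.cache` directory to the subdirectories that actually need caching.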
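Review bot: In the `validations.yaml` hunk, `uses: actions/cache@v4` is still a mutable tag, while this same commit pins that action by commit SHA in the bootstrap action. Use the same reference here, `uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4`, so the workflow does not pick up a retagged release. The new `path: .cache/lychee` also sits inside the `.cache` directory that the bootstrap action now caches under a different key. If this job calls bootstrap with `tools: true` (not visible here, as the job starts outside the hunk), two caches restore over the same tree and the later one wins.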
diff --git a/.gitignore b/.gitignore index 0f2af3fd..9853bf20 100644 --- a/.gitignore +++ b/.gitignore @@ -8,12 +8,17 @@ CLAUDE.md .task .tool tmp/ +TODO.md -# testing -.lycheecache +# cache directories +.cache/ # python +/venv .venv/ +**/__pycache__/ +*.pyc +.coverage # javascript node_modules/ diff --git a/.lychee.toml b/.lychee.toml index de497dda..769c5c23 100644 --- a/.lychee.toml +++ b/.lychee.toml @@ -1,5 +1,5 @@ # note: run with -# lychee -c lychee.toml --root-dir "$(pwd)/public" ./public +# lychee -c .lychee.toml --root-dir "$(pwd)/public" ./public # this only caches external URLs cache = true diff --git a/.markdownlint-cli2.jsonc b/.markdownlint-cli2.jsonc index 8608f3b7..474043fd 100644 --- a/.markdownlint-cli2.jsonc +++ b/.markdownlint-cli2.jsonc @@ -4,4 +4,4 @@ // TODO(alex): the generator needs some work, in the meantime we'll ignore the generated files "content/docs/releases/**/*.md" ] -} \ No newline at end of file +} diff --git a/.markdownlint.jsonc b/.markdownlint.jsonc index d9f06ce3..136add15 100644 --- a/.markdownlint.jsonc +++ b/.markdownlint.jsonc @@ -31,4 +31,4 @@ "MD050": { "style": "asterisk" } -} \ No newline at end of file +} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..21414105 --- /dev/null +++ b/.pre-commit-config.yaml 
@@ -0,0 +1,93 @@ +# the default is to run these on commit + push +default_stages: + - pre-push + +repos: + # Universal repository concerns (not stack-specific) + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v2.4.0 + hooks: + # prevent giant files from being committed + - id: check-added-large-files + stages: + - pre-push + + # checks for a common error of placing code before the docstring + - id: check-docstring-first + stages: + - pre-push + + # attempts to load all yaml files to verify syntax + - id: check-yaml + stages: + - pre-push + + # attempts to load all json files to verify syntax + - id: check-json + stages: + - pre-push + + # makes sure files end in a newline and only a newline + - id: end-of-file-fixer + exclude: '^tests/(fixtures|snapshots)/' + stages: + - pre-push + + # trims trailing whitespace + - id: trailing-whitespace + stages: + - pre-push + + # check for files that contain merge conflict strings + - id: check-merge-conflict + stages: + - pre-push + + # simply check whether files parse as valid python + - id: check-ast + stages: + - pre-push + + # check for files with names that would conflict on a case-insensitive filesystem like MacOS HFS+ or Windows FAT + - id: check-case-conflict + stages: + - pre-push + + # # GitHub Actions linting + # - repo: https://github.com/zizmorcore/zizmor-pre-commit + # rev: v1.12.1 + # hooks: + # - id: zizmor + + # Stack-specific hooks (delegates to task namespaces) + - repo: local + hooks: + # Hugo/Node stack + - id: hugo-lint-fix + name: hugo-lint-fix + entry: make hugo:lint-fix + pass_filenames: false + language: system + files: \.(md|html|yaml|toml|css|js)$ + + # Python stack + - id: python-lint-fix + name: python-lint-fix + entry: make python:lint-fix + pass_filenames: false + language: system + files: \.py$ + + - id: python-format + name: python-format + entry: make python:format + pass_filenames: false + language: system + files: \.py$ + + - id: python-types + name: python-types + entry: 
make python:check-types + pass_filenames: false + language: system + files: \.py$ diff --git a/.prettierignore b/.prettierignore index 0308c22f..e6c9e010 100644 --- a/.prettierignore +++ b/.prettierignore @@ -29,4 +29,4 @@ content/docs/releases/*/v*.md *.woff *.woff2 *.ttf -*.eot \ No newline at end of file +*.eot diff --git a/Makefile b/Makefile index f311ebf5..5d7884c4 100644 --- a/Makefile +++ b/Makefile @@ -37,4 +37,4 @@ $(TASKS): $(TASK) @$(TASK) $@ help: $(TASK) - @$(TASK) -l \ No newline at end of file + @$(TASK) -l diff --git a/Taskfile.yml b/Taskfile.yml index 23ac4f86..66a1dcea 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -2,6 +2,12 @@ version: '3' includes: generate: ./tasks.d/generate.yaml + hugo: ./tasks.d/hugo.yaml + python: ./tasks.d/python.yaml + +env: + MAKEFLAGS: '--no-print-directory' + TASK_TEMP_DIR: .cache/task vars: TOOL_DIR: .tool 
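Review bot: In the new `.pre-commit-config.yaml`, `rev: v2.4.0` pins `pre-commit/pre-commit-hooks` by tag, which upstream can move, whereas the actions in this commit are pinned by commit SHA. Freezing the hook the same way (`pre-commit autoupdate --freeze` writes the SHA and keeps the tag as a comment) fixes the hook code that runs on developer machines and in `task validate`; `v2.4.0` is also an old release line, so the freeze is a good moment to update. The header comment says `commit + push` but `default_stages` lists only `pre-push`; I would change it to `# the default is to run these on push only`. The zizmor block is commented out, so nothing in this config lints the workflow files this commit edits.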
@@ -54,57 +60,51 @@ tasks: cmd: '{{ .TOOL_DIR }}/binny list --updates' silent: true + # high level tasks + install: desc: Install all development dependencies cmds: - - npm install - - # High-level tasks - build: - desc: Build Hugo site - cmds: - - npm run build + - task: hugo:install + - task: python:install - dev: - desc: Start development environment with live reload + default: + desc: Default task (validate) cmds: - - npm run dev + - task: validate lint: desc: Run all linters cmds: - - npm run lint + - task: python:lint + - task: hugo:lint lint-fix: desc: Auto-fix linting issues where possible cmds: - - npm run lint-fix + - task: python:lint-fix + - task: hugo:lint-fix - validate: - desc: Build and run all validations - cmds: - - npm run validate - - task: links - - links: - desc: Check for broken links in the site + format: + desc: Format all code cmds: - - '{{ .LYCHEE }} -c .lychee.toml --root-dir "{{ .USER_WORKING_DIR }}/public" ./public --offline' + - task: python:format - clean: - desc: Clean build artifacts + test: + desc: Run all tests cmds: - - npm run clean + - task: python:test - # Content management - update-release-notes: - desc: Generate release notes for all projects - dir: scripts + unit: + desc: Run all unit tests cmds: - - ./generate-release-notes.sh + - task: python:unit - update-adopters: - desc: Update adopters information - dir: scripts + validate: + desc: Run all validation tasks cmds: - - ./generate-adopters-info.sh + # run linters for high and low level concerns across stacks + - uv run pre-commit run -a --hook-stage push + # per-stack tests + - task: python:test + - task: hugo:test diff --git a/content/docs/contributing/_index.md b/content/docs/contributing/_index.md index 517234a4..208304f0 100644 --- a/content/docs/contributing/_index.md +++ b/content/docs/contributing/_index.md 
@@ -1,8 +1,8 @@ -+++ -title = "Contributing" ++++ +title = "Contributing" tags = ["syft", "grype", "grant", "grype-db", "vunnel", "stereoscope"] -description = "Guidelines for developing & contributing to Anchore Open Source projects" -weight = 20 +description = "Guidelines for developing & contributing to Anchore Open Source projects" +weight = 20 url = "docs/contributing" +++ diff --git a/content/docs/contributing/syft/_index.md b/content/docs/contributing/syft/_index.md index 26337f52..04fa7717 100644 --- a/content/docs/contributing/syft/_index.md +++ b/content/docs/contributing/syft/_index.md @@ -271,7 +271,7 @@ rough outline how that works: for in-depth testing of code in the `cmd/` package (such as testing the proper behavior of application configuration, CLI switches, and glue code before syft library calls). -- `acceptance`: located within `test/compare` and `test/install`, these are smoke-like tests that ensure that application +- `acceptance`: located within `test/compare` and `test/install`, these are smoke-like tests that ensure that application packaging and installation works as expected. For example, during release we provide RPM packages as a download artifact. We also have an accompanying RPM acceptance test that installs the RPM from a snapshot build and ensures the output of a syft invocation matches canned expected output. New acceptance tests should be added for each release artifact diff --git a/content/docs/reference/_index.md b/content/docs/reference/_index.md index fa67f37c..7d7123b2 100644 --- a/content/docs/reference/_index.md +++ b/content/docs/reference/_index.md @@ -1,5 +1,5 @@ -+++ -title = "Reference" ++++ +title = "Reference" description = "Reference for Anchore OSS Tools" weight = 60 url = "reference" diff --git a/content/docs/reference/commands/grype.md b/content/docs/reference/commands/grype.md index fd13b496..c43dad6d 100644 --- a/content/docs/reference/commands/grype.md +++ b/content/docs/reference/commands/grype.md 
@@ -7,22 +7,9 @@ categories = ['reference'] url = "docs/reference/commands/grype" +++ -### `grype version` - -``` -Application: grype -Version: 0.100.0 -BuildDate: 2025-09-15T21:51:57Z -GitCommit: 088112b26e638c139a513f387f7a6e51f1a8b76d -GitDescription: v0.100.0 -Platform: linux/arm64 -GoVersion: go1.24.7 -Compiler: gc -Syft Version: v1.33.0 -Supported DB Schema: 6 -``` - -### `grype help` +{{< alert title="Note" >}} +This documentation was generated from Grype version `0.100.0`. +{{< /alert >}} ``` A vulnerability scanner for container images, filesystems, and SBOMs. 
@@ -91,290 +78,27 @@ Use "grype [command] --help" for more information about a command. ### `grype config` -``` -log: - # suppress all logging output (env: GRYPE_LOG_QUIET) - quiet: false - - # explicitly set the logging level (available: [error warn info debug trace]) (env: GRYPE_LOG_LEVEL) - level: 'warn' - - # file path to write logs to (env: GRYPE_LOG_FILE) - file: '' - -dev: - # capture resource profiling data (available: [cpu, mem]) (env: GRYPE_DEV_PROFILE) - profile: '' - - db: - # (env: GRYPE_DEV_DB_DEBUG) - debug: false - -# the output format of the vulnerability report (options: table, template, json, cyclonedx) -# when using template as the output type, you must also provide a value for 'output-template-file' (env: GRYPE_OUTPUT) -output: [] - -# if using template output, you must provide a path to a Go template file -# see https://github.com/anchore/grype#using-templates for more information on template output -# the default path to the template file is the current working directory -# output-template-file: .grype/html.tmpl -# -# write output report to a file (default is to write to stdout) (env: GRYPE_FILE) -file: '' - -# pretty-print output (env: GRYPE_PRETTY) -pretty: false - -# distro to match against in the format: : (env: GRYPE_DISTRO) -distro: '' - -# generate CPEs for packages with no CPE data (env: GRYPE_ADD_CPES_IF_NONE) -add-cpes-if-none: false - -# specify the path to a Go template file (requires 'template' output to be selected) (env: GRYPE_OUTPUT_TEMPLATE_FILE) -output-template-file: '' - -# enable/disable checking for application updates on startup (env: GRYPE_CHECK_FOR_APP_UPDATE) -check-for-app-update: true - -# ignore matches for vulnerabilities that are not fixed (env: GRYPE_ONLY_FIXED) -only-fixed: false - -# ignore matches for vulnerabilities that are fixed (env: GRYPE_ONLY_NOTFIXED) -only-notfixed: false - -# ignore matches for vulnerabilities with specified comma separated fix states, options=[fixed not-fixed unknown wont-fix] 
(env: GRYPE_IGNORE_WONTFIX) -ignore-wontfix: '' - -# an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux') (env: GRYPE_PLATFORM) -platform: '' - -search: - # selection of layers to analyze, options=[squashed all-layers deep-squashed] (env: GRYPE_SEARCH_SCOPE) - scope: 'squashed' - - # search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc) - # note: enabling this may result in a performance impact since all discovered compressed tars will be decompressed - # note: for now this only applies to the java package cataloger (env: GRYPE_SEARCH_UNINDEXED_ARCHIVES) - unindexed-archives: false - - # search within archives that do contain a file index to search against (zip) - # note: for now this only applies to the java package cataloger (env: GRYPE_SEARCH_INDEXED_ARCHIVES) - indexed-archives: true - -# A list of vulnerability ignore rules, one or more property may be specified and all matching vulnerabilities will be ignored. 
-# This is the full set of supported rule fields: -# - vulnerability: CVE-2008-4318 -# fix-state: unknown -# package: -# name: libcurl -# version: 1.5.1 -# type: npm -# location: "/usr/local/lib/node_modules/**" -# -# VEX fields apply when Grype reads vex data: -# - vex-status: not_affected -# vex-justification: vulnerable_code_not_present -ignore: [] - -# a list of globs to exclude from scanning, for example: -# - '/etc/**' -# - './out/**/*.json' -# same as --exclude (env: GRYPE_EXCLUDE) -exclude: [] - -external-sources: - # enable Grype searching network source for additional information (env: GRYPE_EXTERNAL_SOURCES_ENABLE) - enable: false - - maven: - # search for Maven artifacts by SHA1 (env: GRYPE_EXTERNAL_SOURCES_MAVEN_SEARCH_MAVEN_UPSTREAM) - search-maven-upstream: true - - # base URL of the Maven repository to search (env: GRYPE_EXTERNAL_SOURCES_MAVEN_BASE_URL) - base-url: 'https://search.maven.org/solrsearch/select' - - # (env: GRYPE_EXTERNAL_SOURCES_MAVEN_RATE_LIMIT) - rate-limit: 300ms - -match: - java: - # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_JAVA_USING_CPES) - using-cpes: false - - jvm: - # (env: GRYPE_MATCH_JVM_USING_CPES) - using-cpes: true - - dotnet: - # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_DOTNET_USING_CPES) - using-cpes: false - - golang: - # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_GOLANG_USING_CPES) - using-cpes: false - - # use CPE matching to find vulnerabilities for the Go standard library (env: GRYPE_MATCH_GOLANG_ALWAYS_USE_CPE_FOR_STDLIB) - always-use-cpe-for-stdlib: true - - # allow comparison between main module pseudo-versions (e.g. v0.0.0-20240413-2b432cf643...) 
(env: GRYPE_MATCH_GOLANG_ALLOW_MAIN_MODULE_PSEUDO_VERSION_COMPARISON) - allow-main-module-pseudo-version-comparison: false - - javascript: - # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_JAVASCRIPT_USING_CPES) - using-cpes: false - - python: - # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_PYTHON_USING_CPES) - using-cpes: false - - ruby: - # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_RUBY_USING_CPES) - using-cpes: false - - rust: - # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_RUST_USING_CPES) - using-cpes: false - - stock: - # use CPE matching to find vulnerabilities (env: GRYPE_MATCH_STOCK_USING_CPES) - using-cpes: true - -# upon scanning, if a severity is found at or above the given severity then the return code will be 1 -# default is unset which will skip this validation (options: negligible, low, medium, high, critical) (env: GRYPE_FAIL_ON_SEVERITY) -fail-on-severity: '' - -registry: - # skip TLS verification when communicating with the registry (env: GRYPE_REGISTRY_INSECURE_SKIP_TLS_VERIFY) - insecure-skip-tls-verify: false - - # use http instead of https when connecting to the registry (env: GRYPE_REGISTRY_INSECURE_USE_HTTP) - insecure-use-http: false - - # Authentication credentials for specific registries. Each entry describes authentication for a specific authority: - # - authority: the registry authority URL the URL to the registry (e.g. "docker.io", "localhost:5000", etc.) 
(env: SYFT_REGISTRY_AUTH_AUTHORITY) - # username: a username if using basic credentials (env: SYFT_REGISTRY_AUTH_USERNAME) - # password: a corresponding password (env: SYFT_REGISTRY_AUTH_PASSWORD) - # token: a token if using token-based authentication, mutually exclusive with username/password (env: SYFT_REGISTRY_AUTH_TOKEN) - # tls-cert: filepath to the client certificate used for TLS authentication to the registry (env: SYFT_REGISTRY_AUTH_TLS_CERT) - # tls-key: filepath to the client key used for TLS authentication to the registry (env: SYFT_REGISTRY_AUTH_TLS_KEY) - auth: [] - - # filepath to a CA certificate (or directory containing *.crt, *.cert, *.pem) used to generate the client certificate (env: GRYPE_REGISTRY_CA_CERT) - ca-cert: '' - -# show suppressed/ignored vulnerabilities in the output (only supported with table output format) (env: GRYPE_SHOW_SUPPRESSED) -show-suppressed: false - -# orient results by CVE instead of the original vulnerability ID when possible (env: GRYPE_BY_CVE) -by-cve: false - -# sort the match results with the given strategy, options=[package severity epss risk kev vulnerability] (env: GRYPE_SORT_BY) -sort-by: 'risk' - -# same as --name; set the name of the target being analyzed (env: GRYPE_NAME) -name: '' - -# allows users to specify which image source should be used to generate the sbom -# valid values are: registry, docker, podman (env: GRYPE_DEFAULT_IMAGE_PULL_SOURCE) -default-image-pull-source: '' - -# a list of VEX documents to consider when producing scanning results (env: GRYPE_VEX_DOCUMENTS) -vex-documents: [] - -# VEX statuses to consider as ignored rules (env: GRYPE_VEX_ADD) -vex-add: [] - -# match kernel-header packages with upstream kernel as kernel vulnerabilities (env: GRYPE_MATCH_UPSTREAM_KERNEL_HEADERS) -match-upstream-kernel-headers: false - -fix-channel: - redhat-eus: - # whether fixes from this channel should be considered, options are "never", "always", or "auto" (conditionally applied based on SBOM data) (env: 
GRYPE_FIX_CHANNEL_REDHAT_EUS_APPLY) - apply: 'auto' - - # (env: GRYPE_FIX_CHANNEL_REDHAT_EUS_VERSIONS) - versions: '>= 8.0' - -# (env: GRYPE_TIMESTAMP) -timestamp: true - -db: - # location to write the vulnerability database cache (env: GRYPE_DB_CACHE_DIR) - cache-dir: '~.cache~grype~db' - - # URL of the vulnerability database (env: GRYPE_DB_UPDATE_URL) - update-url: 'https://grype.anchore.io/databases' - - # certificate to trust download the database and listing file (env: GRYPE_DB_CA_CERT) - ca-cert: '' - - # check for database updates on execution (env: GRYPE_DB_AUTO_UPDATE) - auto-update: true - - # validate the database matches the known hash each execution (env: GRYPE_DB_VALIDATE_BY_HASH_ON_START) - validate-by-hash-on-start: true +Show the grype configuration. - # ensure db build is no older than the max-allowed-built-age (env: GRYPE_DB_VALIDATE_AGE) - validate-age: true - - # Max allowed age for vulnerability database, - # age being the time since it was built - # Default max age is 120h (or five days) (env: GRYPE_DB_MAX_ALLOWED_BUILT_AGE) - max-allowed-built-age: 120h0m0s - - # fail the scan if unable to check for database updates (env: GRYPE_DB_REQUIRE_UPDATE_CHECK) - require-update-check: false - - # Timeout for downloading GRYPE_DB_UPDATE_URL to see if the database needs to be downloaded - # This file is ~156KiB as of 2024-04-17 so the download should be quick; adjust as needed (env: GRYPE_DB_UPDATE_AVAILABLE_TIMEOUT) - update-available-timeout: 30s - - # Timeout for downloading actual vulnerability DB - # The DB is ~156MB as of 2024-04-17 so slower connections may exceed the default timeout; adjust as needed (env: GRYPE_DB_UPDATE_DOWNLOAD_TIMEOUT) - update-download-timeout: 5m0s - - # Maximum frequency to check for vulnerability database updates (env: GRYPE_DB_MAX_UPDATE_CHECK_FREQUENCY) - max-update-check-frequency: 2h0m0s - -exp: ``` - -### `grype db` - -``` -vulnerability database operations - Usage: - grype db [command] + grype config [flags] + 
grype config [command] Available Commands: - check Check to see if there is a database update available - delete Delete the vulnerability database - import Import a vulnerability database or archive from a local file or URL - list List all DBs available according to the listing URL - providers List vulnerability providers that are in the database - search Search the DB for vulnerabilities or affected packages - status Display database status and metadata - update Download and install the latest vulnerability database + locations shows all locations and the order in which grype will look for a configuration file Flags: - -h, --help help for db - -Global Flags: - -c, --config stringArray grype configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) + -h, --help help for config + --load load and validate the grype configuration -Use "grype db [command] --help" for more information about a command. ``` ### `grype db check` -``` -Check to see if there is a database update available +Check to see if there is a database update available. +``` Usage: grype db check [flags] 
@@ -382,55 +106,41 @@ Flags: -h, --help help for check -o, --output string format to display results (available=[text, json]) (default "text") -Global Flags: - -c, --config stringArray grype configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` ### `grype db delete` -``` -Delete the vulnerability database +Delete the vulnerability database. +``` Usage: grype db delete [flags] Flags: -h, --help help for delete -Global Flags: - -c, --config stringArray grype configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` ### `grype db import` -``` -import a vulnerability database archive from a local FILE or URL. -DB archives can be obtained from "https://grype.anchore.io/databases" (or running `db list`). If the URL has a `checksum` query parameter with a fully qualified digest (e.g. 'sha256:abc728...') then the archive/DB will be verified against this value. +Import a vulnerability database archive from a local FILE or URL. +DB archives can be obtained from "" (or running `db list`). If the URL has a `checksum` query parameter with a fully qualified digest (e.g. 'sha256:abc728...') then the archive/DB will be verified against this value. + +``` Usage: grype db import FILE | URL [flags] Flags: -h, --help help for import -Global Flags: - -c, --config stringArray grype configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` ### `grype db list` -``` -List all DBs available according to the listing URL +List all DBs available according to the listing URL. +``` Usage: grype db list [flags] 
@@ -438,18 +148,13 @@ Flags: -h, --help help for list -o, --output string format to display results (available=[text, raw, json]) (default "text") -Global Flags: - -c, --config stringArray grype configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` ### `grype db providers` -``` -List vulnerability providers that are in the database +List vulnerability providers that are in the database. +``` Usage: grype db providers [flags] @@ -457,18 +162,13 @@ Flags: -h, --help help for providers -o, --output string format to display results (available=[table, json]) (default "table") -Global Flags: - -c, --config stringArray grype configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` ### `grype db search` -``` -Search the DB for vulnerabilities or affected packages +Search the DB for vulnerabilities or affected packages. +``` Usage: grype db search [flags] grype db search [command] @@ -512,20 +212,13 @@ Flags: --published-after string only show vulnerabilities originally published after the given date (format: YYYY-MM-DD) --vuln stringArray only show results for the given vulnerability ID -Global Flags: - -c, --config stringArray grype configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) - -Use "grype db search [command] --help" for more information about a command. ``` ### `grype db status` -``` -Display database status and metadata +Display database status and metadata. +``` Usage: grype db status [flags] 
@@ -533,36 +226,26 @@ Flags: -h, --help help for status -o, --output string format to display results (available=[text, json]) (default "text") -Global Flags: - -c, --config stringArray grype configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` ### `grype db update` -``` -Download and install the latest vulnerability database +Download and install the latest vulnerability database. +``` Usage: grype db update [flags] Flags: -h, --help help for update -Global Flags: - -c, --config stringArray grype configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` ### `grype explain` -``` -Ask grype to explain a set of findings +Ask grype to explain a set of findings. +``` Usage: grype explain --id [VULNERABILITY ID] [flags] @@ -570,9 +253,18 @@ Flags: -h, --help help for explain --id stringArray CVE IDs to explain -Global Flags: - -c, --config stringArray grype configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + +### `grype version` + +Show version information. + +``` +Usage: + grype version [flags] + +Flags: + -h, --help help for version + -o, --output string the format to show the results (allowable: [text json]) (default "text") + ``` diff --git a/content/docs/reference/commands/syft.md b/content/docs/reference/commands/syft.md index 81359016..d0b2d302 100644 --- a/content/docs/reference/commands/syft.md +++ b/content/docs/reference/commands/syft.md 
@@ -7,21 +7,9 @@ categories = ['reference'] url = "docs/reference/commands/syft" +++ -### `syft version` - -``` -Application: syft -Version: 1.33.0 -BuildDate: 2025-09-15T20:38:16Z -GitCommit: b87b9191497c2d410b42c05591347d428129fd2a -GitDescription: v1.33.0 -Platform: linux/arm64 -GoVersion: go1.24.7 -Compiler: gc -SchemaVersion: 16.0.39 -``` - -### `syft help` +{{< alert title="Note" >}} +This documentation was generated from Syft version `1.33.0`. +{{< /alert >}} ``` Generate a packaged-based Software Bill Of Materials (SBOM) from container images and filesystems @@ -97,9 +85,9 @@ Use "syft [command] --help" for more information about a command. ### `syft attest` -``` -Generate a packaged-based Software Bill Of Materials (SBOM) from a container image as the predicate of an in-toto attestation that will be uploaded to the image registry +Generate a packaged-based Software Bill Of Materials (SBOM) from a container image as the predicate of an in-toto attestation that will be uploaded to the image registry. +``` Usage: syft attest --output [FORMAT] [flags] 
@@ -133,473 +121,48 @@ Flags: --source-supplier string the organization that supplied the component, which often may be the manufacturer, distributor, or repackager --source-version string set the version of the target being analyzed -Global Flags: - -c, --config stringArray syft configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` -### `syft cataloger` +### `syft cataloger list` -``` -Show available catalogers and configuration +List available catalogers. +``` Usage: - syft cataloger [command] - -Available Commands: - list List available catalogers + syft cataloger list [OPTIONS] [flags] Flags: - -h, --help help for cataloger - -Global Flags: - -c, --config stringArray syft configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) + -h, --help help for list + -o, --output string format to output the cataloger list (available: table, json) + --override-default-catalogers stringArray override the default catalogers with an expression (default [all]) + --select-catalogers stringArray select catalogers with an expression + -s, --show-hidden show catalogers that have been de-selected -Use "syft cataloger [command] --help" for more information about a command. 
-``` - -### `syft cataloger list` - -``` -Default selections: 1 - • 'all' -Selection expressions: 0 -┌───────────────────────────┬───────────────────────┐ -│ FILE CATALOGER │ TAGS │ -├───────────────────────────┼───────────────────────┤ -│ file-content-cataloger │ content, file │ -│ file-digest-cataloger │ digest, file │ -│ file-executable-cataloger │ binary-metadata, file │ -│ file-metadata-cataloger │ file, file-metadata │ -└───────────────────────────┴───────────────────────┘ -┌────────────────────────────────────────┬──────────────────────────────────────────────────────────────────────────────────┐ -│ PACKAGE CATALOGER │ TAGS │ -├────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────┤ -│ alpm-db-cataloger │ alpm, archlinux, directory, image, installed, linux, os, package │ -│ apk-db-cataloger │ alpine, apk, directory, image, installed, linux, os, package │ -│ binary-classifier-cataloger │ binary, declared, directory, image, installed, package │ -│ bitnami-cataloger │ bitnami, image, installed, package │ -│ cargo-auditable-binary-cataloger │ binary, directory, image, installed, language, package, rust │ -│ cocoapods-cataloger │ cocoapods, declared, directory, language, package, swift │ -│ conan-cataloger │ conan, cpp, declared, directory, language, package │ -│ conan-info-cataloger │ conan, cpp, image, installed, language, package │ -│ conda-meta-cataloger │ conda, directory, installed, package │ -│ dart-pubspec-cataloger │ dart, declared, directory, language, package │ -│ dart-pubspec-lock-cataloger │ dart, declared, directory, language, package │ -│ deb-archive-cataloger │ deb, debian, declared, directory, linux, os, package │ -│ dotnet-deps-binary-cataloger │ c#, directory, dotnet, image, installed, language, package │ -│ dotnet-deps-cataloger │ deprecated, package │ -│ dotnet-packages-lock-cataloger │ c#, declared, directory, dotnet, image, language, package │ -│ 
dotnet-portable-executable-cataloger │ deprecated, package │ -│ dpkg-db-cataloger │ debian, directory, dpkg, image, installed, linux, os, package │ -│ elf-binary-package-cataloger │ binary, declared, directory, elf, elf-package, image, installed, package │ -│ elixir-mix-lock-cataloger │ declared, directory, elixir, language, package │ -│ erlang-otp-application-cataloger │ declared, directory, erlang, language, otp, package │ -│ erlang-rebar-lock-cataloger │ declared, directory, erlang, language, package │ -│ github-action-workflow-usage-cataloger │ declared, directory, github, github-actions, package │ -│ github-actions-usage-cataloger │ declared, directory, github, github-actions, package │ -│ go-module-binary-cataloger │ binary, directory, go, golang, gomod, image, installed, language, package │ -│ go-module-file-cataloger │ declared, directory, go, golang, gomod, language, package │ -│ graalvm-native-image-cataloger │ directory, image, installed, java, language, package │ -│ haskell-cataloger │ cabal, declared, directory, hackage, haskell, language, package │ -│ homebrew-cataloger │ directory, homebrew, image, installed, package │ -│ java-archive-cataloger │ directory, image, installed, java, language, maven, package │ -│ java-gradle-lockfile-cataloger │ declared, directory, gradle, java, language, package │ -│ java-jvm-cataloger │ declared, directory, image, installed, java, jdk, jre, jvm, package │ -│ java-pom-cataloger │ declared, directory, java, language, maven, package │ -│ javascript-lock-cataloger │ declared, directory, javascript, language, node, npm, package │ -│ javascript-package-cataloger │ image, installed, javascript, language, node, package │ -│ linux-kernel-cataloger │ declared, directory, image, installed, kernel, linux, package │ -│ lua-rock-cataloger │ directory, image, installed, language, lua, package │ -│ nix-cataloger │ directory, image, installed, language, nix, package │ -│ nix-store-cataloger │ deprecated, package │ -│ opam-cataloger │ 
declared, directory, language, ocaml, opam, package │ -│ pe-binary-package-cataloger │ binary, declared, directory, dll, exe, image, installed, package, pe, pe-package │ -│ php-composer-installed-cataloger │ composer, image, installed, language, package, php │ -│ php-composer-lock-cataloger │ composer, declared, directory, language, package, php │ -│ php-interpreter-cataloger │ binary, declared, directory, image, installed, package, php │ -│ php-pear-serialized-cataloger │ declared, directory, image, language, package, pear, php │ -│ php-pecl-serialized-cataloger │ deprecated, package │ -│ portage-cataloger │ directory, gentoo, image, installed, linux, os, package, portage │ -│ python-installed-package-cataloger │ directory, image, installed, language, package, python │ -│ python-package-cataloger │ declared, directory, language, package, python │ -│ r-package-cataloger │ directory, image, installed, language, package, r │ -│ rpm-archive-cataloger │ declared, directory, linux, os, package, redhat, rpm │ -│ rpm-db-cataloger │ directory, image, installed, linux, os, package, redhat, rpm │ -│ ruby-gemfile-cataloger │ declared, directory, gem, language, package, ruby │ -│ ruby-gemspec-cataloger │ declared, directory, gem, gemspec, language, package, ruby │ -│ ruby-installed-gemspec-cataloger │ gem, gemspec, image, installed, language, package, ruby │ -│ rust-cargo-lock-cataloger │ cargo, declared, directory, language, package, rust │ -│ sbom-cataloger │ package, sbom │ -│ swift-package-manager-cataloger │ declared, directory, language, package, spm, swift │ -│ swipl-pack-cataloger │ declared, directory, language, pack, package, swipl │ -│ terraform-lock-cataloger │ declared, directory, package, terraform │ -│ wordpress-plugins-cataloger │ directory, image, package, wordpress │ -└────────────────────────────────────────┴──────────────────────────────────────────────────────────────────────────────────┘ ``` ### `syft config` -``` -log: - # suppress all logging output 
(env: SYFT_LOG_QUIET) - quiet: false - - # increase verbosity (-v = info, -vv = debug) (env: SYFT_LOG_VERBOSITY) - verbosity: 0 - - # explicitly set the logging level (available: [error warn info debug trace]) (env: SYFT_LOG_LEVEL) - level: 'warn' - - # file path to write logs to (env: SYFT_LOG_FILE) - file: '' - -dev: - # capture resource profiling data (available: [cpu, mem]) (env: SYFT_DEV_PROFILE) - profile: '' - -# the configuration file(s) used to load application configuration (env: SYFT_CONFIG) -config: '' - -# the output format(s) of the SBOM report (options: syft-table, syft-text, syft-json, spdx-json, ...) -# to specify multiple output files in differing formats, use a list: -# output: -# - "syft-json=" -# - "spdx-json=" (env: SYFT_OUTPUT) -output: - - 'syft-table' - -# file to write the default report output to (default is STDOUT) (env: SYFT_LEGACYFILE) -legacyFile: '' - -format: - # default value for all formats that support the "pretty" option (default is unset) (env: SYFT_FORMAT_PRETTY) - pretty: - - template: - # path to the template file to use when rendering the output with the template output format. - # Note that all template paths are based on the current syft-json schema (env: SYFT_FORMAT_TEMPLATE_PATH) - path: '' - - # if true, uses the go structs for the syft-json format for templating. - # if false, uses the syft-json output for templating (which follows the syft JSON schema exactly). - # - # Note: long term support for this option is not guaranteed (it may change or break at any time) (env: SYFT_FORMAT_TEMPLATE_LEGACY) - legacy: false - - json: - # transform any syft-json output to conform to an approximation of the v11.0.1 schema. This includes: - # - using the package metadata type names from before v12 of the JSON schema (changed in https://github.com/anchore/syft/pull/1983) - # - # Note: this will still include package types and fields that were added at or after json schema v12. 
This means - # that output might not strictly be json schema v11 compliant, however, for consumers that require time to port - # over to the final syft 1.0 json output this option can be used to ease the transition. - # - # Note: long term support for this option is not guaranteed (it may change or break at any time) (env: SYFT_FORMAT_JSON_LEGACY) - legacy: false - - # include space indentation and newlines - # note: inherits default value from 'format.pretty' or 'false' if parent is unset (env: SYFT_FORMAT_JSON_PRETTY) - pretty: - - spdx-json: - # include space indentation and newlines - # note: inherits default value from 'format.pretty' or 'false' if parent is unset (env: SYFT_FORMAT_SPDX_JSON_PRETTY) - pretty: - - cyclonedx-json: - # include space indentation and newlines - # note: inherits default value from 'format.pretty' or 'false' if parent is unset (env: SYFT_FORMAT_CYCLONEDX_JSON_PRETTY) - pretty: - - cyclonedx-xml: - # include space indentation and newlines - # note: inherits default value from 'format.pretty' or 'false' if parent is unset (env: SYFT_FORMAT_CYCLONEDX_XML_PRETTY) - pretty: - -# whether to check for an application update on start up or not (env: SYFT_CHECK_FOR_APP_UPDATE) -check-for-app-update: true - -# enable one or more package catalogers (env: SYFT_CATALOGERS) -catalogers: [] - -# set the base set of catalogers to use (defaults to 'image' or 'directory' depending on the scan source) (env: SYFT_DEFAULT_CATALOGERS) -default-catalogers: [] - -# add, remove, and filter the catalogers to be used (env: SYFT_SELECT_CATALOGERS) -select-catalogers: [] - -package: - # search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc) - # note: enabling this may result in a performance impact since all discovered compressed tars will be decompressed - # note: for now this only applies to the java package cataloger (env: SYFT_PACKAGE_SEARCH_UNINDEXED_ARCHIVES) - search-unindexed-archives: false - - # search 
within archives that do contain a file index to search against (zip) - # note: for now this only applies to the java package cataloger (env: SYFT_PACKAGE_SEARCH_INDEXED_ARCHIVES) - search-indexed-archives: true - - # allows users to exclude synthetic binary packages from the sbom - # these packages are removed if an overlap with a non-synthetic package is found (env: SYFT_PACKAGE_EXCLUDE_BINARY_OVERLAP_BY_OWNERSHIP) - exclude-binary-overlap-by-ownership: true - -license: - # include the content of licenses in the SBOM for a given syft scan; valid values are: [all unknown none] (env: SYFT_LICENSE_CONTENT) - content: 'none' - - # adjust the percent as a fraction of the total text, in normalized words, that - # matches any valid license for the given inputs, expressed as a percentage across all of the licenses matched. (env: SYFT_LICENSE_COVERAGE) - coverage: 75 - -file: - metadata: - # select which files should be captured by the file-metadata cataloger and included in the SBOM. - # Options include: - # - "all": capture all files from the search space - # - "owned-by-package": capture only files owned by packages - # - "none", "": do not capture any files (env: SYFT_FILE_METADATA_SELECTION) - selection: 'owned-by-package' - - # the file digest algorithms to use when cataloging files (options: "md5", "sha1", "sha224", "sha256", "sha384", "sha512") (env: SYFT_FILE_METADATA_DIGESTS) - digests: - - 'sha1' - - 'sha256' - - content: - # skip searching a file entirely if it is above the given size (default = 1MB; unit = bytes) (env: SYFT_FILE_CONTENT_SKIP_FILES_ABOVE_SIZE) - skip-files-above-size: 256000 - - # file globs for the cataloger to match on (env: SYFT_FILE_CONTENT_GLOBS) - globs: [] - - executable: - # file globs for the cataloger to match on (env: SYFT_FILE_EXECUTABLE_GLOBS) - globs: [] - -# selection of layers to catalog, options=[squashed all-layers deep-squashed] (env: SYFT_SCOPE) -scope: 'squashed' - -# number of cataloger workers to run in parallel -# by 
default, when set to 0: this will be based on runtime.NumCPU * 4, if set to less than 0 it will be unbounded (env: SYFT_PARALLELISM) -parallelism: 0 - -relationships: - # include package-to-file relationships that indicate which files are owned by which packages (env: SYFT_RELATIONSHIPS_PACKAGE_FILE_OWNERSHIP) - package-file-ownership: true - - # include package-to-package relationships that indicate one package is owned by another due to files claimed to be owned by one package are also evidence of another package's existence (env: SYFT_RELATIONSHIPS_PACKAGE_FILE_OWNERSHIP_OVERLAP) - package-file-ownership-overlap: true - -compliance: - # action to take when a package is missing a name (env: SYFT_COMPLIANCE_MISSING_NAME) - missing-name: 'drop' - - # action to take when a package is missing a version (env: SYFT_COMPLIANCE_MISSING_VERSION) - missing-version: 'stub' - -# Enable data enrichment operations, which can utilize services such as Maven Central and NPM. -# By default all enrichment is disabled, use: all to enable everything. -# Available options are: all, golang, java, javascript (env: SYFT_ENRICH) -enrich: [] - -dotnet: - # only keep dep.json packages which an executable on disk is found. The package is also included if a DLL is found for any child package, even if the package itself does not have a DLL. (env: SYFT_DOTNET_DEP_PACKAGES_MUST_HAVE_DLL) - dep-packages-must-have-dll: false - - # only keep dep.json packages which have a runtime/resource DLL claimed in the deps.json targets section (but not necessarily found on disk). The package is also included if any child package claims a DLL, even if the package itself does not claim a DLL. 
(env: SYFT_DOTNET_DEP_PACKAGES_MUST_CLAIM_DLL) - dep-packages-must-claim-dll: true - - # treat DLL claims or on-disk evidence for child packages as DLL claims or on-disk evidence for any parent package (env: SYFT_DOTNET_PROPAGATE_DLL_CLAIMS_TO_PARENTS) - propagate-dll-claims-to-parents: true - - # show all packages from the deps.json if bundling tooling is present as a dependency (e.g. ILRepack) (env: SYFT_DOTNET_RELAX_DLL_CLAIMS_WHEN_BUNDLING_DETECTED) - relax-dll-claims-when-bundling-detected: true - -golang: - # search for go package licences in the GOPATH of the system running Syft, note that this is outside the - # container filesystem and potentially outside the root of a local directory scan (env: SYFT_GOLANG_SEARCH_LOCAL_MOD_CACHE_LICENSES) - search-local-mod-cache-licenses: - - # specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod (env: SYFT_GOLANG_LOCAL_MOD_CACHE_DIR) - local-mod-cache-dir: '~go~pkg~mod' - - # search for go package licences in the vendor folder on the system running Syft, note that this is outside the - # container filesystem and potentially outside the root of a local directory scan (env: SYFT_GOLANG_SEARCH_LOCAL_VENDOR_LICENSES) - search-local-vendor-licenses: - - # specify an explicit go vendor directory, if unset this defaults to ./vendor (env: SYFT_GOLANG_LOCAL_VENDOR_DIR) - local-vendor-dir: '' - - # search for go package licences by retrieving the package from a network proxy (env: SYFT_GOLANG_SEARCH_REMOTE_LICENSES) - search-remote-licenses: - - # remote proxy to use when retrieving go packages from the network, - # if unset this defaults to $GOPROXY followed by https://proxy.golang.org (env: SYFT_GOLANG_PROXY) - proxy: 'https://proxy.golang.org,direct' - - # specifies packages which should not be fetched by proxy - # if unset this defaults to $GONOPROXY (env: SYFT_GOLANG_NO_PROXY) - no-proxy: '' - - main-module-version: - # look for LD flags that appear to be setting a version 
(e.g. -X main.version=1.0.0) (env: SYFT_GOLANG_MAIN_MODULE_VERSION_FROM_LD_FLAGS) - from-ld-flags: true - - # search for semver-like strings in the binary contents (env: SYFT_GOLANG_MAIN_MODULE_VERSION_FROM_CONTENTS) - from-contents: false - - # use the build settings (e.g. vcs.version & vcs.time) to craft a v0 pseudo version - # (e.g. v0.0.0-20220308212642-53e6d0aaf6fb) when a more accurate version cannot be found otherwise (env: SYFT_GOLANG_MAIN_MODULE_VERSION_FROM_BUILD_SETTINGS) - from-build-settings: true - -java: - # enables Syft to use the network to fetch version and license information for packages when - # a parent or imported pom file is not found in the local maven repository. - # the pom files are downloaded from the remote Maven repository at 'maven-url' (env: SYFT_JAVA_USE_NETWORK) - use-network: - - # use the local Maven repository to retrieve pom files. When Maven is installed and was previously used - # for building the software that is being scanned, then most pom files will be available in this - # repository on the local file system. this greatly speeds up scans. when all pom files are available - # in the local repository, then 'use-network' is not needed. - # TIP: If you want to download all required pom files to the local repository without running a full - # build, run 'mvn help:effective-pom' before performing the scan with syft. (env: SYFT_JAVA_USE_MAVEN_LOCAL_REPOSITORY) - use-maven-local-repository: - - # override the default location of the local Maven repository. 
- # the default is the subdirectory '.m2/repository' in your home directory (env: SYFT_JAVA_MAVEN_LOCAL_REPOSITORY_DIR) - maven-local-repository-dir: '~.m2~repository' - - # maven repository to use, defaults to Maven central (env: SYFT_JAVA_MAVEN_URL) - maven-url: 'https://repo1.maven.org/maven2' - - # depth to recursively resolve parent POMs, no limit if <= 0 (env: SYFT_JAVA_MAX_PARENT_RECURSIVE_DEPTH) - max-parent-recursive-depth: 0 - - # resolve transient dependencies such as those defined in a dependency's POM on Maven central (env: SYFT_JAVA_RESOLVE_TRANSITIVE_DEPENDENCIES) - resolve-transitive-dependencies: false - -javascript: - # enables Syft to use the network to fill in more detailed license information (env: SYFT_JAVASCRIPT_SEARCH_REMOTE_LICENSES) - search-remote-licenses: - - # base NPM url to use (env: SYFT_JAVASCRIPT_NPM_BASE_URL) - npm-base-url: '' - - # include development-scoped dependencies (env: SYFT_JAVASCRIPT_INCLUDE_DEV_DEPENDENCIES) - include-dev-dependencies: - -linux-kernel: - # whether to catalog linux kernel modules found within lib/modules/** directories (env: SYFT_LINUX_KERNEL_CATALOG_MODULES) - catalog-modules: true +Show the syft configuration. -nix: - # enumerate all files owned by packages found within Nix store paths (env: SYFT_NIX_CAPTURE_OWNED_FILES) - capture-owned-files: false - -python: - # when running across entries in requirements.txt that do not specify a specific version - # (e.g. "sqlalchemy >= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0"), attempt to guess what the version could - # be based on the version requirements specified (e.g. "1.0.0"). When enabled the lowest expressible version - # when given an arbitrary constraint will be used (even if that version may not be available/published). 
(env: SYFT_PYTHON_GUESS_UNPINNED_REQUIREMENTS) - guess-unpinned-requirements: false - -registry: - # skip TLS verification when communicating with the registry (env: SYFT_REGISTRY_INSECURE_SKIP_TLS_VERIFY) - insecure-skip-tls-verify: false - - # use http instead of https when connecting to the registry (env: SYFT_REGISTRY_INSECURE_USE_HTTP) - insecure-use-http: false - - # Authentication credentials for specific registries. Each entry describes authentication for a specific authority: - # - authority: the registry authority URL the URL to the registry (e.g. "docker.io", "localhost:5000", etc.) (env: SYFT_REGISTRY_AUTH_AUTHORITY) - # username: a username if using basic credentials (env: SYFT_REGISTRY_AUTH_USERNAME) - # password: a corresponding password (env: SYFT_REGISTRY_AUTH_PASSWORD) - # token: a token if using token-based authentication, mutually exclusive with username/password (env: SYFT_REGISTRY_AUTH_TOKEN) - # tls-cert: filepath to the client certificate used for TLS authentication to the registry (env: SYFT_REGISTRY_AUTH_TLS_CERT) - # tls-key: filepath to the client key used for TLS authentication to the registry (env: SYFT_REGISTRY_AUTH_TLS_KEY) - auth: [] - - # filepath to a CA certificate (or directory containing *.crt, *.cert, *.pem) used to generate the client certificate (env: SYFT_REGISTRY_CA_CERT) - ca-cert: '' - -# specify the source behavior to use (e.g. docker, registry, oci-dir, ...) (env: SYFT_FROM) -from: [] - -# an optional platform specifier for container image sources (e.g. 
'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux') (env: SYFT_PLATFORM) -platform: '' - -source: - # set the name of the target being analyzed (env: SYFT_SOURCE_NAME) - name: '' - - # set the version of the target being analyzed (env: SYFT_SOURCE_VERSION) - version: '' - - # the organization that supplied the component, which often may be the manufacturer, distributor, or repackager (env: SYFT_SOURCE_SUPPLIER) - supplier: '' - - # (env: SYFT_SOURCE_SOURCE) - source: '' - - # base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory (env: SYFT_SOURCE_BASE_PATH) - base-path: '' - - file: - # the file digest algorithms to use on the scanned file (options: "md5", "sha1", "sha224", "sha256", "sha384", "sha512") (env: SYFT_SOURCE_FILE_DIGESTS) - digests: - - 'SHA-256' - - image: - # allows users to specify which image source should be used to generate the sbom - # valid values are: registry, docker, podman (env: SYFT_SOURCE_IMAGE_DEFAULT_PULL_SOURCE) - default-pull-source: '' - - # (env: SYFT_SOURCE_IMAGE_MAX_LAYER_SIZE) - max-layer-size: '' - -# exclude paths from being scanned using a glob expression (env: SYFT_EXCLUDE) -exclude: [] - -unknowns: - # remove unknown errors on files with discovered packages (env: SYFT_UNKNOWNS_REMOVE_WHEN_PACKAGES_DEFINED) - remove-when-packages-defined: true - - # include executables without any identified packages (env: SYFT_UNKNOWNS_EXECUTABLES_WITHOUT_PACKAGES) - executables-without-packages: true - - # include archives which were not expanded and searched (env: SYFT_UNKNOWNS_UNEXPANDED_ARCHIVES) - unexpanded-archives: true - -cache: - # root directory to cache any downloaded content; empty string will use an in-memory cache (env: SYFT_CACHE_DIR) - dir: '~.cache~syft' - - # time to live for cached data; setting this to 0 will disable caching entirely (env: SYFT_CACHE_TTL) - ttl: '7d' +``` +Usage: + syft config [flags] + syft config [command] -# show 
catalogers that have been de-selected (env: SYFT_SHOW_HIDDEN) -show-hidden: false +Available Commands: + locations shows all locations and the order in which syft will look for a configuration file -attest: - # the key to use for the attestation (env: SYFT_ATTEST_KEY) - key: '' +Flags: + -h, --help help for config + --load load and validate the syft configuration - # password to decrypt to given private key - # additionally responds to COSIGN_PASSWORD env var (env: SYFT_ATTEST_PASSWORD) - password: '' ``` ### `syft convert` -``` -[Experimental] Convert SBOM files to, and from, SPDX, CycloneDX and Syft's format. For more info about data loss between formats see https://github.com/anchore/syft/wiki/format-conversion +[Experimental] Convert SBOM files to, and from, SPDX, CycloneDX and Syft's format. For more info about data loss between formats see . +``` Usage: syft convert [SOURCE-SBOM] -o [FORMAT] [flags] @@ -615,18 +178,13 @@ Flags: -o, --output stringArray report output format (= to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json purls spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-table]) -t, --template string specify the path to a Go template file -Global Flags: - -c, --config stringArray syft configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` ### `syft login` -``` -Log in to a registry +Log in to a registry. +``` Usage: syft login [OPTIONS] [SERVER] [flags] 
@@ -640,18 +198,13 @@ Flags: --password-stdin Take the password from stdin -u, --username string Username -Global Flags: - -c, --config stringArray syft configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` ### `syft scan` -``` -Generate a packaged-based Software Bill Of Materials (SBOM) from container images and filesystems +Generate a packaged-based Software Bill Of Materials (SBOM) from container images and filesystems. +``` Usage: syft scan [SOURCE] [flags] @@ -701,9 +254,18 @@ Flags: --source-version string set the version of the target being analyzed -t, --template string specify the path to a Go template file -Global Flags: - -c, --config stringArray syft configuration file(s) to use - --profile stringArray configuration profiles to use - -q, --quiet suppress all logging output - -v, --verbose count increase verbosity (-v = info, -vv = debug) +``` + +### `syft version` + +Show version information. + +``` +Usage: + syft version [flags] + +Flags: + -h, --help help for version + -o, --output string the format to show the results (allowable: [text json]) (default "text") + ``` diff --git a/content/docs/releases/grant/_index.md b/content/docs/releases/grant/_index.md index 1b986444..1cfd82f2 100644 --- a/content/docs/releases/grant/_index.md +++ b/content/docs/releases/grant/_index.md @@ -1,7 +1,7 @@ +++ tags = ['grant'] categories = ['release'] -title = "Grant Release Notes" +title = "Grant Release Notes" linkTitle = "Grant" url = "docs/releases/grant" description = "Anchore Grant Release Notes" diff --git a/content/docs/releases/grant/v0.1.0.md b/content/docs/releases/grant/v0.1.0.md index fc3d7ec5..9ee08195 100644 --- a/content/docs/releases/grant/v0.1.0.md +++ b/content/docs/releases/grant/v0.1.0.md 
@@ -11,15 +11,15 @@ description = "Release notes for grant v0.1.0" Version [v0.1.0](https://github.com/anchore/grant/releases/tag/v0.1.0) -## Grant – License information is just an SBOM away v0.1.0 (INTERNAL-PRE-RELEASE) - -Grant is a new tool from the Anchore team that can view and check licenses from a given software bill of material. - -#### Features - -- Users can supply an SBOM to grant and obtain a license violation report -- Grant also can take an image or directory input, generate an SBOM, and then use those results as part of the license check. -- list all the licenses found for a given container image or directory -- Grant also has the ability to recognize licenses passed to it as a part of its input. -- Given some text, grant can recognize a license and compare it to the provided configuration along with the SBOM or other supplied containers +## Grant – License information is just an SBOM away v0.1.0 (INTERNAL-PRE-RELEASE) + +Grant is a new tool from the Anchore team that can view and check licenses from a given software bill of material. + +#### Features + +- Users can supply an SBOM to grant and obtain a license violation report +- Grant also can take an image or directory input, generate an SBOM, and then use those results as part of the license check. +- list all the licenses found for a given container image or directory +- Grant also has the ability to recognize licenses passed to it as a part of its input. +- Given some text, grant can recognize a license and compare it to the provided configuration along with the SBOM or other supplied containers - Licenses are checked against the SPDX license list found here: https://spdx.org/licenses/. diff --git a/content/docs/releases/grant/v0.1.1.md b/content/docs/releases/grant/v0.1.1.md index d6b3fe2c..24c260d2 100644 --- a/content/docs/releases/grant/v0.1.1.md +++ b/content/docs/releases/grant/v0.1.1.md 
@@ -11,22 +11,22 @@ description = "Release notes for grant v0.1.1" Version [v0.1.1](https://github.com/anchore/grant/releases/tag/v0.1.1) -## Grant – License information is just an SBOM away v0.1.0 - -Grant is a new tool from the Anchore team that can view and check licenses from a given software bill of material. - -#### Features - -- Users can supply an SBOM to grant and obtain a license violation report -- Grant also can take an image or directory input, generate an SBOM, and then use those results as part of the license check. -- list all the licenses found for a given container image or directory -- Grant also has the ability to recognize licenses passed to it as a part of its input. -- Given some text, grant can recognize a license and compare it to the provided configuration along with the SBOM or other supplied containers -- Licenses are checked against the SPDX license list found here: https://spdx.org/licenses/. - -## Additional Changes - -- chore: update automatic release flow for v0.1.1 release [[#29](https://github.com/anchore/grant/pull/29) [@spiffcs](https://github.com/spiffcs)] -- chore: update code static analysis path [[#27](https://github.com/anchore/grant/pull/27) [@spiffcs](https://github.com/spiffcs)] - +## Grant – License information is just an SBOM away v0.1.0 + +Grant is a new tool from the Anchore team that can view and check licenses from a given software bill of material. + +#### Features + +- Users can supply an SBOM to grant and obtain a license violation report +- Grant also can take an image or directory input, generate an SBOM, and then use those results as part of the license check. +- list all the licenses found for a given container image or directory +- Grant also has the ability to recognize licenses passed to it as a part of its input. 
+- Given some text, grant can recognize a license and compare it to the provided configuration along with the SBOM or other supplied containers +- Licenses are checked against the SPDX license list found here: https://spdx.org/licenses/. + +## Additional Changes + +- chore: update automatic release flow for v0.1.1 release [[#29](https://github.com/anchore/grant/pull/29) [@spiffcs](https://github.com/spiffcs)] +- chore: update code static analysis path [[#27](https://github.com/anchore/grant/pull/27) [@spiffcs](https://github.com/spiffcs)] + **[(Full Changelog)](https://github.com/anchore/grant/compare/v0.1.0...v0.1.1)** diff --git a/content/docs/releases/grant/v0.2.0.md b/content/docs/releases/grant/v0.2.0.md index e06b17f1..a7f1675e 100644 --- a/content/docs/releases/grant/v0.2.0.md +++ b/content/docs/releases/grant/v0.2.0.md @@ -11,9 +11,9 @@ description = "Release notes for grant v0.2.0" Version [v0.2.0](https://github.com/anchore/grant/releases/tag/v0.2.0) -## Feature Changes - -- add CSV output option [[#65](https://github.com/anchore/grant/pull/65) [@spiffcs](https://github.com/spiffcs)] -- update syft source provider [[#58](https://github.com/anchore/grant/pull/58) [@kzantow](https://github.com/kzantow)] - +## Feature Changes + +- add CSV output option [[#65](https://github.com/anchore/grant/pull/65) [@spiffcs](https://github.com/spiffcs)] +- update syft source provider [[#58](https://github.com/anchore/grant/pull/58) [@kzantow](https://github.com/kzantow)] + **[(Full Changelog)](https://github.com/anchore/grant/compare/v0.1.3...v0.2.0)** diff --git a/content/docs/releases/grant/v0.2.1.md b/content/docs/releases/grant/v0.2.1.md index 90c636ec..5cda0822 100644 --- a/content/docs/releases/grant/v0.2.1.md +++ b/content/docs/releases/grant/v0.2.1.md 
@@ -11,9 +11,9 @@ description = "Release notes for grant v0.2.1" Version [v0.2.1](https://github.com/anchore/grant/releases/tag/v0.2.1) -## Additional Changes - -- Add SBOM generation and checksums signing to release [[#55](https://github.com/anchore/grant/pull/55) [@spiffcs](https://github.com/spiffcs)] -- Update Syft to v1.8.0 - +## Additional Changes + +- Add SBOM generation and checksums signing to release [[#55](https://github.com/anchore/grant/pull/55) [@spiffcs](https://github.com/spiffcs)] +- Update Syft to v1.8.0 + **[(Full Changelog)](https://github.com/anchore/grant/compare/v0.2.0...v0.2.1)** diff --git a/content/docs/releases/grant/v0.2.2.md b/content/docs/releases/grant/v0.2.2.md index 217444b6..9ab57ce6 100644 --- a/content/docs/releases/grant/v0.2.2.md +++ b/content/docs/releases/grant/v0.2.2.md 
@@ -11,18 +11,19 @@ description = "Release notes for grant v0.2.2" Version [v0.2.2](https://github.com/anchore/grant/releases/tag/v0.2.2) -## Grant v0.2.2 -Special thanks to [@NyanKiyoshi](https://github.com/NyanKiyoshi) and [@psududemike](https://github.com/psududemike) for the contributions surrounding fixing #101. - -Please file an issue or reach out on the issue board tagging [@spiffcs](https://github.com/spiffcs) if you need support, feature requests, bug fixes, or have ideas for future features and PR. - -## Bug Fixes - -- No way to deny all licenses while allowing specific ones [[#101](https://github.com/anchore/grant/issues/101) [#123](https://github.com/anchore/grant/pull/123) [@NyanKiyoshi](https://github.com/NyanKiyoshi)] -- Update to support #101 [[#124](https://github.com/anchore/grant/pull/124) [@psududemike](https://github.com/psududemike)] - -## Additional Changes - -- bump go version for build [[#132](https://github.com/anchore/grant/pull/132) [@spiffcs](https://github.com/spiffcs)] - +## Grant v0.2.2 + +Special thanks to [@NyanKiyoshi](https://github.com/NyanKiyoshi) and [@psududemike](https://github.com/psududemike) for the contributions surrounding fixing #101. + +Please file an issue or reach out on the issue board tagging [@spiffcs](https://github.com/spiffcs) if you need support, feature requests, bug fixes, or have ideas for future features and PR. + +## Bug Fixes + +- No way to deny all licenses while allowing specific ones [[#101](https://github.com/anchore/grant/issues/101) [#123](https://github.com/anchore/grant/pull/123) [@NyanKiyoshi](https://github.com/NyanKiyoshi)] +- Update to support #101 [[#124](https://github.com/anchore/grant/pull/124) [@psududemike](https://github.com/psududemike)] + +## Additional Changes + +- bump go version for build [[#132](https://github.com/anchore/grant/pull/132) [@spiffcs](https://github.com/spiffcs)] + **[(Full Changelog)](https://github.com/anchore/grant/compare/v0.2.1...v0.2.2)** 
diff --git a/content/docs/releases/grant/v0.2.6.md b/content/docs/releases/grant/v0.2.6.md index c5f387dc..78b9eaf9 100644 --- a/content/docs/releases/grant/v0.2.6.md +++ b/content/docs/releases/grant/v0.2.6.md @@ -11,8 +11,9 @@ description = "Release notes for grant v0.2.6" Version [v0.2.6](https://github.com/anchore/grant/releases/tag/v0.2.6) -## Updates -- add license parsing from vendor dirs for Golang with new syft [[syft/3552](https://github.com/anchore/syft/pull/3522)] [@dschmidt](https://github.com/dschmidt) -- sbom report: missing licenses consumed with new syft [[syft/3572](https://github.com/anchore/syft/issues/3527)] [@kzantow](https://github.com/kzantow) - +## Updates + +- add license parsing from vendor dirs for Golang with new syft [[syft/3552](https://github.com/anchore/syft/pull/3522)] [@dschmidt](https://github.com/dschmidt) +- sbom report: missing licenses consumed with new syft [[syft/3572](https://github.com/anchore/syft/issues/3527)] [@kzantow](https://github.com/kzantow) + **[(Full Changelog)](https://github.com/anchore/grant/compare/v0.2.5...v0.2.6)** diff --git a/content/docs/releases/grype-db/_index.md b/content/docs/releases/grype-db/_index.md index fab8ae56..63e3b897 100644 --- a/content/docs/releases/grype-db/_index.md +++ b/content/docs/releases/grype-db/_index.md @@ -1,7 +1,7 @@ +++ tags = ['grype-db'] categories = ['release'] -title = "Grype-db Release Notes" +title = "Grype-db Release Notes" linkTitle = "Grype-db" url = "docs/releases/grype-db" description = "Anchore Grype-db Release Notes" diff --git a/content/docs/releases/grype-db/v0.14.0.md b/content/docs/releases/grype-db/v0.14.0.md index bf913712..853cff7d 100644 --- a/content/docs/releases/grype-db/v0.14.0.md +++ b/content/docs/releases/grype-db/v0.14.0.md 
@@ -11,14 +11,14 @@ description = "Release notes for grype-db v0.14.0" Version [v0.14.0](https://github.com/anchore/grype-db/releases/tag/v0.14.0) -## [v0.14.0](https://github.com/anchore/grype-db/tree/) (2023-02-16) - -[Full Changelog](https://github.com/anchore/grype-db/compare/v0.13.0...v0.14.0) - -## Added Features - -- Port Grype-DB builder [[PR #43](https://github.com/anchore/grype-db/pull/43)] [[wagoodman](https://github.com/wagoodman)] - -## Additional Changes - +## [v0.14.0](https://github.com/anchore/grype-db/tree/) (2023-02-16) + +[Full Changelog](https://github.com/anchore/grype-db/compare/v0.13.0...v0.14.0) + +## Added Features + +- Port Grype-DB builder [[PR #43](https://github.com/anchore/grype-db/pull/43)] [[wagoodman](https://github.com/wagoodman)] + +## Additional Changes + - Add release workflow trigger [[PR #44](https://github.com/anchore/grype-db/pull/44)] [[wagoodman](https://github.com/wagoodman)] diff --git a/content/docs/releases/grype-db/v0.16.0.md b/content/docs/releases/grype-db/v0.16.0.md index 0ad3ebd9..eb0cda5f 100644 --- a/content/docs/releases/grype-db/v0.16.0.md +++ b/content/docs/releases/grype-db/v0.16.0.md @@ -11,10 +11,10 @@ description = "Release notes for grype-db v0.16.0" Version [v0.16.0](https://github.com/anchore/grype-db/releases/tag/v0.16.0) -## [v0.16.0](https://github.com/anchore/grype-db/tree/v0.16.0) (2023-05-22) - -[Full Changelog](https://github.com/anchore/grype-db/compare/v0.15.4...v0.16.0) - -## Added Features - +## [v0.16.0](https://github.com/anchore/grype-db/tree/v0.16.0) (2023-05-22) + +[Full Changelog](https://github.com/anchore/grype-db/compare/v0.15.4...v0.16.0) + +## Added Features + - capture platform CPE package qualifier [[PR #103](https://github.com/anchore/grype-db/pull/103)] [[westonsteimel](https://github.com/westonsteimel)] diff --git a/content/docs/releases/grype-db/v0.19.1.md b/content/docs/releases/grype-db/v0.19.1.md index 8743cb55..1242f48e 100644 
--- a/content/docs/releases/grype-db/v0.19.1.md +++ b/content/docs/releases/grype-db/v0.19.1.md @@ -11,11 +11,11 @@ description = "Release notes for grype-db v0.19.1" Version [v0.19.1](https://github.com/anchore/grype-db/releases/tag/v0.19.1) -## [v0.19.1](https://github.com/anchore/grype-db/tree/v0.19.1) (2023-08-25) - -[Full Changelog](https://github.com/anchore/grype-db/compare/v0.19.0...v0.19.1) - -## Bug Fixes - -- fix: include cpe version update component when building constraint [[PR #145](https://github.com/anchore/grype-db/pull/145)] [[westonsteimel](https://github.com/westonsteimel)] +## [v0.19.1](https://github.com/anchore/grype-db/tree/v0.19.1) (2023-08-25) + +[Full Changelog](https://github.com/anchore/grype-db/compare/v0.19.0...v0.19.1) + +## Bug Fixes + +- fix: include cpe version update component when building constraint [[PR #145](https://github.com/anchore/grype-db/pull/145)] [[westonsteimel](https://github.com/westonsteimel)] - fix: interpret constraints correctly for Amazon Linux Kernel advisories [[PR #149](https://github.com/anchore/grype-db/pull/149)] [[westonsteimel](https://github.com/westonsteimel)] diff --git a/content/docs/releases/grype-db/v0.23.3.md b/content/docs/releases/grype-db/v0.23.3.md index bc59ac86..67a5dc0f 100644 --- a/content/docs/releases/grype-db/v0.23.3.md +++ b/content/docs/releases/grype-db/v0.23.3.md 
@@ -11,9 +11,9 @@ description = "Release notes for grype-db v0.23.3" Version [v0.23.3](https://github.com/anchore/grype-db/releases/tag/v0.23.3) -## Additional Changes - -- Bumps go module dependency [github.com/docker/docker](https://github.com/docker/docker) to suppress reporting of a false positive CVE. grype-db does not make use of the affected components from [github.com/docker/docker/pkg/authorization](https://pkg.go.dev/github.com/docker/docker/pkg/authorization) per [GO-2024-3005](https://pkg.go.dev/vuln/GO-2024-3005) -- CODE_OF_CONDUCT.md [[#343](https://github.com/anchore/grype-db/pull/343) [@popey](https://github.com/popey)] - +## Additional Changes + +- Bumps go module dependency [github.com/docker/docker](https://github.com/docker/docker) to suppress reporting of a false positive CVE. grype-db does not make use of the affected components from [github.com/docker/docker/pkg/authorization](https://pkg.go.dev/github.com/docker/docker/pkg/authorization) per [GO-2024-3005](https://pkg.go.dev/vuln/GO-2024-3005) +- CODE_OF_CONDUCT.md [[#343](https://github.com/anchore/grype-db/pull/343) [@popey](https://github.com/popey)] + **[(Full Changelog)](https://github.com/anchore/grype-db/compare/v0.23.2...v0.23.3)** diff --git a/content/docs/releases/grype/_index.md b/content/docs/releases/grype/_index.md index 6ff962f6..c6a0952f 100644 --- a/content/docs/releases/grype/_index.md +++ b/content/docs/releases/grype/_index.md @@ -1,7 +1,7 @@ +++ tags = ['grype'] categories = ['release'] -title = "Grype Release Notes" +title = "Grype Release Notes" linkTitle = "Grype" url = "docs/releases/grype" description = "Anchore Grype Release Notes" diff --git a/content/docs/releases/grype/v0.1.0-beta.1.md b/content/docs/releases/grype/v0.1.0-beta.1.md index ac1ec5b4..f6f991a4 100644 --- a/content/docs/releases/grype/v0.1.0-beta.1.md +++ b/content/docs/releases/grype/v0.1.0-beta.1.md 
@@ -10,5 +10,3 @@ description = "Release notes for grype v0.1.0-beta.1" ## Release Notes Version [v0.1.0-beta.1](https://github.com/anchore/grype/releases/tag/v0.1.0-beta.1) - - diff --git a/content/docs/releases/grype/v0.1.0-beta.11.md b/content/docs/releases/grype/v0.1.0-beta.11.md index 2452ce25..fb481cbc 100644 --- a/content/docs/releases/grype/v0.1.0-beta.11.md +++ b/content/docs/releases/grype/v0.1.0-beta.11.md @@ -23,6 +23,4 @@ Version [v0.1.0-beta.11](https://github.com/anchore/grype/releases/tag/v0.1.0-be - Always return a cleanup function from scope [\#166](https://github.com/anchore/grype/pull/166) ([wagoodman](https://github.com/wagoodman)) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/grype/v0.1.0-beta.2.md b/content/docs/releases/grype/v0.1.0-beta.2.md index 288e4389..619abefa 100644 --- a/content/docs/releases/grype/v0.1.0-beta.2.md +++ b/content/docs/releases/grype/v0.1.0-beta.2.md @@ -10,5 +10,3 @@ description = "Release notes for grype v0.1.0-beta.2" ## Release Notes Version [v0.1.0-beta.2](https://github.com/anchore/grype/releases/tag/v0.1.0-beta.2) - - diff --git a/content/docs/releases/grype/v0.1.0-beta.3.md b/content/docs/releases/grype/v0.1.0-beta.3.md index 6603c529..58e1092f 100644 --- a/content/docs/releases/grype/v0.1.0-beta.3.md +++ b/content/docs/releases/grype/v0.1.0-beta.3.md @@ -10,5 +10,3 @@ description = "Release notes for grype v0.1.0-beta.3" ## Release Notes Version [v0.1.0-beta.3](https://github.com/anchore/grype/releases/tag/v0.1.0-beta.3) - - diff --git a/content/docs/releases/grype/v0.1.0-beta.4.md b/content/docs/releases/grype/v0.1.0-beta.4.md index 41ea76cd..e2c3cef4 100644 --- a/content/docs/releases/grype/v0.1.0-beta.4.md 
+++ b/content/docs/releases/grype/v0.1.0-beta.4.md @@ -10,5 +10,3 @@ description = "Release notes for grype v0.1.0-beta.4" ## Release Notes Version [v0.1.0-beta.4](https://github.com/anchore/grype/releases/tag/v0.1.0-beta.4) - - diff --git a/content/docs/releases/grype/v0.1.0-beta.5.md b/content/docs/releases/grype/v0.1.0-beta.5.md index ae7ee36d..e1e82d8d 100644 --- a/content/docs/releases/grype/v0.1.0-beta.5.md +++ b/content/docs/releases/grype/v0.1.0-beta.5.md 
@@ -11,37 +11,37 @@ description = "Release notes for grype v0.1.0-beta.5" Version [v0.1.0-beta.5](https://github.com/anchore/grype/releases/tag/v0.1.0-beta.5) -56b9576 Add inline-comparison as acceptance test (#106) -f98e3cd replace search key from table with severity (#107) -37ceb17 Add shell completion script (#109) -2ccdefd Add poetry to package types (#108) -30d72dd fix spaces alignment on etui -c1fdaba Adding additional detail to README (#103) -f1ad989 replace master with main (#104) -6de7e40 finalize the json output (no schema yet) (#102) -76ff973 Merge pull request #99 from anchore/issue-18 -5d057db cpe: update tests to match new ANY in product name -d8da43b test: update integration tests for alpine -e4689c6 matcher: add apk matcher unit tests -44767fc result: add a Count() helper method -4476fc9 broaden cpe matcher + modify alpine matcher -a9bf268 integration tests for corner case -cff46b8 add apk to controller -e0db0c1 test: add integration corner cases for Alpine -905cae5 matcher: add APK support -317b383 match: add APK matcher type -5147985 add description and cvss metadata to v1 schema (#100) -4e6eb13 fix panic on top-level log (#97) -81eab4e pull all commits on checkout for release to build changelog (#98) -f3756d0 change default scope to squashed (from all-layers) (#95) -0cfca60 Merge pull request #83 from anchore/initial-docs -57d73a5 docs: update README with sections and DB information -2cd127b Update pkg type (#87) -e1f4c54 bump syft for docker pull + UI elements for pull status (#81) -5261e4a Merge pull request #84 from anchore/help-error -c581a45 cmd: display help menu when no args are passed in - skip the error -87e6dc0 Merge pull request #82 from anchore/log-fix -b214c29 cmd: fix log identifier for stereoscope -fb8f3d8 restore log source after etui exit -11731fa replace zap logger with logrus (#80) +56b9576 Add inline-comparison as acceptance test (#106) +f98e3cd replace search key from table with severity (#107) +37ceb17 Add shell completion 
script (#109) +2ccdefd Add poetry to package types (#108) +30d72dd fix spaces alignment on etui +c1fdaba Adding additional detail to README (#103) +f1ad989 replace master with main (#104) +6de7e40 finalize the json output (no schema yet) (#102) +76ff973 Merge pull request #99 from anchore/issue-18 +5d057db cpe: update tests to match new ANY in product name +d8da43b test: update integration tests for alpine +e4689c6 matcher: add apk matcher unit tests +44767fc result: add a Count() helper method +4476fc9 broaden cpe matcher + modify alpine matcher +a9bf268 integration tests for corner case +cff46b8 add apk to controller +e0db0c1 test: add integration corner cases for Alpine +905cae5 matcher: add APK support +317b383 match: add APK matcher type +5147985 add description and cvss metadata to v1 schema (#100) +4e6eb13 fix panic on top-level log (#97) +81eab4e pull all commits on checkout for release to build changelog (#98) +f3756d0 change default scope to squashed (from all-layers) (#95) +0cfca60 Merge pull request #83 from anchore/initial-docs +57d73a5 docs: update README with sections and DB information +2cd127b Update pkg type (#87) +e1f4c54 bump syft for docker pull + UI elements for pull status (#81) +5261e4a Merge pull request #84 from anchore/help-error +c581a45 cmd: display help menu when no args are passed in - skip the error +87e6dc0 Merge pull request #82 from anchore/log-fix +b214c29 cmd: fix log identifier for stereoscope +fb8f3d8 restore log source after etui exit +11731fa replace zap logger with logrus (#80) 861883c pull in fix for bounds check progress formatting values in etui diff --git a/content/docs/releases/grype/v0.1.0-beta.6.md b/content/docs/releases/grype/v0.1.0-beta.6.md index 3717e21d..83803eea 100644 --- a/content/docs/releases/grype/v0.1.0-beta.6.md +++ b/content/docs/releases/grype/v0.1.0-beta.6.md 
@@ -11,9 +11,9 @@ description = "Release notes for grype v0.1.0-beta.6" Version [v0.1.0-beta.6](https://github.com/anchore/grype/releases/tag/v0.1.0-beta.6) -cbd6060 Add installer script + brew tap (#116) -457cd29 Add badges (#115) -219d8bc Use warn instead of error for packages with no matchers (#113) -50d7251 add issue templates (#112) -4596701 Merge pull request #110 from anchore/issue-35 +cbd6060 Add installer script + brew tap (#116) +457cd29 Add badges (#115) +219d8bc Use warn instead of error for packages with no matchers (#113) +50d7251 add issue templates (#112) +4596701 Merge pull request #110 from anchore/issue-35 9ece1f5 docs: add contributing guidelines diff --git a/content/docs/releases/grype/v0.10.2.md b/content/docs/releases/grype/v0.10.2.md index 13e9acf9..b7350961 100644 --- a/content/docs/releases/grype/v0.10.2.md +++ b/content/docs/releases/grype/v0.10.2.md 
@@ -11,35 +11,32 @@ description = "Release notes for grype v0.10.2" Version [v0.10.2](https://github.com/anchore/grype/releases/tag/v0.10.2) -## [v0.10.2](https://github.com/anchore/grype/tree/v0.10.2) (2021-04-14) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.9.0...v0.10.2) - -**Implemented enhancements:** - -- Report the repo digests in the JSON output source section [\#269](https://github.com/anchore/grype/issues/269) -- Ability to pull image directly from a registry \(without the Docker daemon\) [\#264](https://github.com/anchore/grype/issues/264) -- Allow user-defined output formats [\#251](https://github.com/anchore/grype/issues/251) -- Pull in syft v0.14.0 and further decouple presenters from Syft [\#263](https://github.com/anchore/grype/pull/263) ([wagoodman](https://github.com/wagoodman)) -- Upgrade grype-db to schema v2 [\#255](https://github.com/anchore/grype/issues/255) - -**Fixed bugs:** - -- Status text column not consistently aligned [\#289](https://github.com/anchore/grype/issues/289) -- Cannot handle downgrading grype versions with different DB schemas [\#271](https://github.com/anchore/grype/issues/271) -- CPEs in JSON output should be a formatted string [\#268](https://github.com/anchore/grype/issues/268) -- Private registry and password not working with special chars [\#254](https://github.com/anchore/grype/issues/254) -- Align status text column with that of Syft handlers [\#292](https://github.com/anchore/grype/pull/292) ([luhring](https://github.com/luhring)) -- Stage DB file within directory named by schema version [\#272](https://github.com/anchore/grype/pull/272) ([wagoodman](https://github.com/wagoodman)) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - - -## Docker images - -- `docker pull anchore/grype:latest` -- `docker pull anchore/grype:v0.10.2` -- `docker pull anchore/grype:v0` +## 
[v0.10.2](https://github.com/anchore/grype/tree/v0.10.2) (2021-04-14) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.9.0...v0.10.2) + +**Implemented enhancements:** + +- Report the repo digests in the JSON output source section [\#269](https://github.com/anchore/grype/issues/269) +- Ability to pull image directly from a registry \(without the Docker daemon\) [\#264](https://github.com/anchore/grype/issues/264) +- Allow user-defined output formats [\#251](https://github.com/anchore/grype/issues/251) +- Pull in syft v0.14.0 and further decouple presenters from Syft [\#263](https://github.com/anchore/grype/pull/263) ([wagoodman](https://github.com/wagoodman)) +- Upgrade grype-db to schema v2 [\#255](https://github.com/anchore/grype/issues/255) + +**Fixed bugs:** + +- Status text column not consistently aligned [\#289](https://github.com/anchore/grype/issues/289) +- Cannot handle downgrading grype versions with different DB schemas [\#271](https://github.com/anchore/grype/issues/271) +- CPEs in JSON output should be a formatted string [\#268](https://github.com/anchore/grype/issues/268) +- Private registry and password not working with special chars [\#254](https://github.com/anchore/grype/issues/254) +- Align status text column with that of Syft handlers [\#292](https://github.com/anchore/grype/pull/292) ([luhring](https://github.com/luhring)) +- Stage DB file within directory named by schema version [\#272](https://github.com/anchore/grype/pull/272) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/grype:latest` +- `docker pull anchore/grype:v0.10.2` +- `docker pull anchore/grype:v0` - `docker pull anchore/grype:v0.10` diff --git a/content/docs/releases/grype/v0.11.0.md b/content/docs/releases/grype/v0.11.0.md index 0fd0d493..4d94c940 100644 
--- a/content/docs/releases/grype/v0.11.0.md
+++ b/content/docs/releases/grype/v0.11.0.md
@@ -11,27 +11,25 @@ description = "Release notes for grype v0.11.0" Version [v0.11.0](https://github.com/anchore/grype/releases/tag/v0.11.0) -## [v0.11.0](https://github.com/anchore/grype/tree/v0.11.0) (2021-04-22) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.10.2...v0.11.0) - -**Implemented enhancements:** - -- Update Syft to v0.15.1 [\#306](https://github.com/anchore/grype/pull/306) ([wagoodman](https://github.com/wagoodman)) -- Refactor constraint expression parser to allow for quoted versions [\#234](https://github.com/anchore/grype/pull/234) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- CycloneDX format is broken in 0.7.0 [\#288](https://github.com/anchore/grype/issues/288) -- Safely join paths derived from tar headers [\#294](https://github.com/anchore/grype/pull/294) ([wagoodman](https://github.com/wagoodman)) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/grype:latest` -- `docker pull anchore/grype:v0.11.0` -- `docker pull anchore/grype:v0` +## [v0.11.0](https://github.com/anchore/grype/tree/v0.11.0) (2021-04-22) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.10.2...v0.11.0) + +**Implemented enhancements:** + +- Update Syft to v0.15.1 [\#306](https://github.com/anchore/grype/pull/306) ([wagoodman](https://github.com/wagoodman)) +- Refactor constraint expression parser to allow for quoted versions [\#234](https://github.com/anchore/grype/pull/234) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- CycloneDX format is broken in 0.7.0 [\#288](https://github.com/anchore/grype/issues/288) +- Safely join paths derived from tar headers [\#294](https://github.com/anchore/grype/pull/294) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by 
[github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/grype:latest` +- `docker pull anchore/grype:v0.11.0` +- `docker pull anchore/grype:v0` - `docker pull anchore/grype:v0.11` diff --git a/content/docs/releases/grype/v0.12.1.md b/content/docs/releases/grype/v0.12.1.md index 19950822..eee13ebc 100644 --- a/content/docs/releases/grype/v0.12.1.md +++ b/content/docs/releases/grype/v0.12.1.md 
@@ -11,35 +11,32 @@ description = "Release notes for grype v0.12.1" Version [v0.12.1](https://github.com/anchore/grype/releases/tag/v0.12.1) -## [v0.12.1](https://github.com/anchore/grype/tree/v0.12.1) (2021-05-25) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.12.0...v0.12.1) - -**Implemented enhancements:** - -- Allow registry auth config without authority value [\#322](https://github.com/anchore/grype/pull/322) ([luhring](https://github.com/luhring)) -- Add java virtual path to package metadata [\#320](https://github.com/anchore/grype/pull/320) ([wagoodman](https://github.com/wagoodman)) -- Show limited package metadata in json presenter [\#319](https://github.com/anchore/grype/pull/319) ([wagoodman](https://github.com/wagoodman)) -- json output should be sorted [\#245](https://github.com/anchore/grype/issues/245) -- Expose the explicit record source for each match [\#283](https://github.com/anchore/grype/issues/283) -- Add database information to the JSON output [\#270](https://github.com/anchore/grype/issues/270) -- Add DB information to json descriptor block [\#302](https://github.com/anchore/grype/pull/302) ([wagoodman](https://github.com/wagoodman)) -- Add grype db namespace indication in match details [\#299](https://github.com/anchore/grype/pull/299) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- Alpine matching should use NVD as primary source [\#281](https://github.com/anchore/grype/issues/281) -- Vulnerability check should be more "greedy" [\#252](https://github.com/anchore/grype/issues/252) -- Allow registry auth config without authority value [\#322](https://github.com/anchore/grype/pull/322) ([luhring](https://github.com/luhring)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/grype:latest` -- `docker pull anchore/grype:v0.12.1` -- `docker pull 
anchore/grype:v0` +## [v0.12.1](https://github.com/anchore/grype/tree/v0.12.1) (2021-05-25) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.12.0...v0.12.1) + +**Implemented enhancements:** + +- Allow registry auth config without authority value [\#322](https://github.com/anchore/grype/pull/322) ([luhring](https://github.com/luhring)) +- Add java virtual path to package metadata [\#320](https://github.com/anchore/grype/pull/320) ([wagoodman](https://github.com/wagoodman)) +- Show limited package metadata in json presenter [\#319](https://github.com/anchore/grype/pull/319) ([wagoodman](https://github.com/wagoodman)) +- json output should be sorted [\#245](https://github.com/anchore/grype/issues/245) +- Expose the explicit record source for each match [\#283](https://github.com/anchore/grype/issues/283) +- Add database information to the JSON output [\#270](https://github.com/anchore/grype/issues/270) +- Add DB information to json descriptor block [\#302](https://github.com/anchore/grype/pull/302) ([wagoodman](https://github.com/wagoodman)) +- Add grype db namespace indication in match details [\#299](https://github.com/anchore/grype/pull/299) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Alpine matching should use NVD as primary source [\#281](https://github.com/anchore/grype/issues/281) +- Vulnerability check should be more "greedy" [\#252](https://github.com/anchore/grype/issues/252) +- Allow registry auth config without authority value [\#322](https://github.com/anchore/grype/pull/322) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/grype:latest` +- `docker pull anchore/grype:v0.12.1` +- `docker pull anchore/grype:v0` - `docker pull anchore/grype:v0.12` 
diff --git a/content/docs/releases/grype/v0.13.0.md b/content/docs/releases/grype/v0.13.0.md
index c7aae755..0e552989 100644
--- a/content/docs/releases/grype/v0.13.0.md
+++ b/content/docs/releases/grype/v0.13.0.md
@@ -11,28 +11,26 @@ description = "Release notes for grype v0.13.0" Version [v0.13.0](https://github.com/anchore/grype/releases/tag/v0.13.0) -## [v0.13.0](https://github.com/anchore/grype/tree/v0.13.0) (2021-06-02) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.12.1...v0.13.0) - -**Implemented enhancements:** - -- Add NVD CVSS scores to grype json output for matches on the vendor record [\#314](https://github.com/anchore/grype/issues/314) -- Add Vendor metadata for vulnerability fixes [\#276](https://github.com/anchore/grype/issues/276) - -**Fixed bugs:** - -- Replace links to Slack channels with public signup link [\#325](https://github.com/anchore/grype/pull/325) ([luhring](https://github.com/luhring)) -- There should always be links associated with a vulnerability [\#189](https://github.com/anchore/grype/issues/189) -- Add vendor-provided CVSS scores to vulnerability match records where available [\#287](https://github.com/anchore/grype/issues/287) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/grype:latest` -- `docker pull anchore/grype:v0.13.0` -- `docker pull anchore/grype:v0` +## [v0.13.0](https://github.com/anchore/grype/tree/v0.13.0) (2021-06-02) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.12.1...v0.13.0) + +**Implemented enhancements:** + +- Add NVD CVSS scores to grype json output for matches on the vendor record [\#314](https://github.com/anchore/grype/issues/314) +- Add Vendor metadata for vulnerability fixes [\#276](https://github.com/anchore/grype/issues/276) + +**Fixed bugs:** + +- Replace links to Slack channels with public signup link [\#325](https://github.com/anchore/grype/pull/325) ([luhring](https://github.com/luhring)) +- There should always be links associated with a vulnerability [\#189](https://github.com/anchore/grype/issues/189) +- Add 
vendor-provided CVSS scores to vulnerability match records where available [\#287](https://github.com/anchore/grype/issues/287) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/grype:latest` +- `docker pull anchore/grype:v0.13.0` +- `docker pull anchore/grype:v0` - `docker pull anchore/grype:v0.13` diff --git a/content/docs/releases/grype/v0.15.0.md b/content/docs/releases/grype/v0.15.0.md index 656433ba..77af0b2c 100644 --- a/content/docs/releases/grype/v0.15.0.md +++ b/content/docs/releases/grype/v0.15.0.md 
@@ -11,35 +11,32 @@ description = "Release notes for grype v0.15.0" Version [v0.15.0](https://github.com/anchore/grype/releases/tag/v0.15.0) -## [v0.15.0](https://github.com/anchore/grype/tree/v0.15.0) (2021-07-14) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.13.0...v0.15.0) - -**Implemented enhancements:** - -- Add NVD CVSS scores to grype json output for matches on the vendor record [\#314](https://github.com/anchore/grype/issues/314) -- Vendor metadata for vulnerability fixes is missing [\#276](https://github.com/anchore/grype/issues/276) - -**Fixed bugs:** - -- cyclonedx reports a score of 0 if CVE has no CVSS [\#366](https://github.com/anchore/grype/issues/366) -- cyclonedx doesn't report severity if feed has no CVSS [\#364](https://github.com/anchore/grype/issues/364) -- Pipelines allow unclean go.sum files that block our release pipeline [\#358](https://github.com/anchore/grype/issues/358) -- Panic during directory scan [\#353](https://github.com/anchore/grype/issues/353) -- CycloneDX Document struct returns empty Components list when parsing CycloneDX XML output [\#345](https://github.com/anchore/grype/issues/345) -- Add vendor-provided CVSS scores to vulnerability match records where available [\#287](https://github.com/anchore/grype/issues/287) -- There should always be links associated with a vulnerability [\#189](https://github.com/anchore/grype/issues/189) -- Show no value in table output for unknown fixes [\#350](https://github.com/anchore/grype/pull/350) ([luhring](https://github.com/luhring)) -- Fix RPM epoch comparison logic [\#331](https://github.com/anchore/grype/pull/331) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/grype:latest` -- `docker pull anchore/grype:v0.15.0` -- `docker pull anchore/grype:v0` +## 
[v0.15.0](https://github.com/anchore/grype/tree/v0.15.0) (2021-07-14) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.13.0...v0.15.0) + +**Implemented enhancements:** + +- Add NVD CVSS scores to grype json output for matches on the vendor record [\#314](https://github.com/anchore/grype/issues/314) +- Vendor metadata for vulnerability fixes is missing [\#276](https://github.com/anchore/grype/issues/276) + +**Fixed bugs:** + +- cyclonedx reports a score of 0 if CVE has no CVSS [\#366](https://github.com/anchore/grype/issues/366) +- cyclonedx doesn't report severity if feed has no CVSS [\#364](https://github.com/anchore/grype/issues/364) +- Pipelines allow unclean go.sum files that block our release pipeline [\#358](https://github.com/anchore/grype/issues/358) +- Panic during directory scan [\#353](https://github.com/anchore/grype/issues/353) +- CycloneDX Document struct returns empty Components list when parsing CycloneDX XML output [\#345](https://github.com/anchore/grype/issues/345) +- Add vendor-provided CVSS scores to vulnerability match records where available [\#287](https://github.com/anchore/grype/issues/287) +- There should always be links associated with a vulnerability [\#189](https://github.com/anchore/grype/issues/189) +- Show no value in table output for unknown fixes [\#350](https://github.com/anchore/grype/pull/350) ([luhring](https://github.com/luhring)) +- Fix RPM epoch comparison logic [\#331](https://github.com/anchore/grype/pull/331) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/grype:latest` +- `docker pull anchore/grype:v0.15.0` +- `docker pull anchore/grype:v0` - `docker pull anchore/grype:v0.15` diff --git a/content/docs/releases/grype/v0.16.0.md b/content/docs/releases/grype/v0.16.0.md index c7bec91e..0e673664 100644 
--- a/content/docs/releases/grype/v0.16.0.md +++ b/content/docs/releases/grype/v0.16.0.md @@ -11,24 +11,21 @@ description = "Release notes for grype v0.16.0" Version [v0.16.0](https://github.com/anchore/grype/releases/tag/v0.16.0) -## [v0.16.0](https://github.com/anchore/grype/tree/v0.16.0) (2021-08-18) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.15.0...v0.16.0) - -**Implemented enhancements:** - -- Grype is not consistent when scaning dir on disk [\#338](https://github.com/anchore/grype/issues/338) -- Add option for accessing registries without HTTPS [\#334](https://github.com/anchore/grype/issues/334) -- Incorporate CPE generation enhancements [\#375](https://github.com/anchore/grype/pull/375) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/grype:latest` -- `docker pull anchore/grype:v0.16.0` -- `docker pull anchore/grype:v0` +## [v0.16.0](https://github.com/anchore/grype/tree/v0.16.0) (2021-08-18) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.15.0...v0.16.0) + +**Implemented enhancements:** + +- Grype is not consistent when scaning dir on disk [\#338](https://github.com/anchore/grype/issues/338) +- Add option for accessing registries without HTTPS [\#334](https://github.com/anchore/grype/issues/334) +- Incorporate CPE generation enhancements [\#375](https://github.com/anchore/grype/pull/375) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/grype:latest` +- `docker pull anchore/grype:v0.16.0` +- `docker pull anchore/grype:v0` - `docker pull anchore/grype:v0.16` 
diff --git a/content/docs/releases/grype/v0.17.0.md b/content/docs/releases/grype/v0.17.0.md
index 7048ac9f..49377594 100644
--- a/content/docs/releases/grype/v0.17.0.md
+++ b/content/docs/releases/grype/v0.17.0.md
@@ -11,27 +11,25 @@ description = "Release notes for grype v0.17.0" Version [v0.17.0](https://github.com/anchore/grype/releases/tag/v0.17.0) -## [v0.17.0](https://github.com/anchore/grype/tree/v0.17.0) (2021-08-25) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.16.0...v0.17.0) - -**Implemented enhancements:** - -- (via Syft) Added parser for Pipfile.lock to cataloger [anchore/syft#242](https://github.com/anchore/syft/issues/242) - -**Fixed bugs:** - -- Reporting vulnerabilities for NPM dependencies from lock files that should be excluded [\#385](https://github.com/anchore/grype/issues/385) -- False positive perl-Pod-Escapes vulns, RHEL7 [\#376](https://github.com/anchore/grype/issues/376) -- RPM matcher not always properly detecting package name from source RPM [\#374](https://github.com/anchore/grype/issues/374) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/grype:latest` -- `docker pull anchore/grype:v0.17.0` -- `docker pull anchore/grype:v0` +## [v0.17.0](https://github.com/anchore/grype/tree/v0.17.0) (2021-08-25) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.16.0...v0.17.0) + +**Implemented enhancements:** + +- (via Syft) Added parser for Pipfile.lock to cataloger [anchore/syft#242](https://github.com/anchore/syft/issues/242) + +**Fixed bugs:** + +- Reporting vulnerabilities for NPM dependencies from lock files that should be excluded [\#385](https://github.com/anchore/grype/issues/385) +- False positive perl-Pod-Escapes vulns, RHEL7 [\#376](https://github.com/anchore/grype/issues/376) +- RPM matcher not always properly detecting package name from source RPM [\#374](https://github.com/anchore/grype/issues/374) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## 
Docker images + +- `docker pull anchore/grype:latest` +- `docker pull anchore/grype:v0.17.0` +- `docker pull anchore/grype:v0` - `docker pull anchore/grype:v0.17` diff --git a/content/docs/releases/grype/v0.18.0.md b/content/docs/releases/grype/v0.18.0.md index 459c2b2c..af4221d5 100644 --- a/content/docs/releases/grype/v0.18.0.md +++ b/content/docs/releases/grype/v0.18.0.md 
@@ -11,27 +11,24 @@ description = "Release notes for grype v0.18.0" Version [v0.18.0](https://github.com/anchore/grype/releases/tag/v0.18.0) -## [v0.18.0](https://github.com/anchore/grype/tree/v0.18.0) (2021-09-13) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.17.0...v0.18.0) - -**Implemented enhancements:** - -- bump syft to the newest 0.23.0 version [\#414](https://github.com/anchore/grype/pull/414) ([spiffcs](https://github.com/spiffcs)) - -**Fixed bugs:** - -- Alpine matching should include source indirection matching [\#343](https://github.com/anchore/grype/issues/343) -- Ensure that virtual path is reported for java archives. [\#393](https://github.com/anchore/grype/pull/393) ([dakaneye](https://github.com/dakaneye)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/grype:latest` -- `docker pull anchore/grype:v0.18.0` -- `docker pull anchore/grype:v0` +## [v0.18.0](https://github.com/anchore/grype/tree/v0.18.0) (2021-09-13) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.17.0...v0.18.0) + +**Implemented enhancements:** + +- bump syft to the newest 0.23.0 version [\#414](https://github.com/anchore/grype/pull/414) ([spiffcs](https://github.com/spiffcs)) + +**Fixed bugs:** + +- Alpine matching should include source indirection matching [\#343](https://github.com/anchore/grype/issues/343) +- Ensure that virtual path is reported for java archives. [\#393](https://github.com/anchore/grype/pull/393) ([dakaneye](https://github.com/dakaneye)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/grype:latest` +- `docker pull anchore/grype:v0.18.0` +- `docker pull anchore/grype:v0` - `docker pull anchore/grype:v0.18` 
diff --git a/content/docs/releases/grype/v0.19.0.md b/content/docs/releases/grype/v0.19.0.md
index d9c8d816..0fe87c83 100644
--- a/content/docs/releases/grype/v0.19.0.md
+++ b/content/docs/releases/grype/v0.19.0.md
@@ -11,27 +11,26 @@ description = "Release notes for grype v0.19.0" Version [v0.19.0](https://github.com/anchore/grype/releases/tag/v0.19.0) -## [v0.19.0](https://github.com/anchore/grype/tree/v0.19.0) (2021-09-14) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.18.0...v0.19.0) - -**Implemented enhancements:** - -- Update grype-db dependency, add some SLES tests [\#413](https://github.com/anchore/grype/pull/413) ([dspalmer99](https://github.com/dspalmer99)) - -**Fixed bugs:** - -- False positive core.jar \(CVE-2020-15235, CVE-2020-15505, CVE-2020-15506, CVE-2020-15507\) [\#342](https://github.com/anchore/grype/issues/342) -- False positives for javax.mail [\#341](https://github.com/anchore/grype/issues/341) -- False positives in Python package "redis" confused with Redis server [\#307](https://github.com/anchore/grype/issues/307) -- False positive - Python Libraries mistaken for other Software [\#212](https://github.com/anchore/grype/issues/212) - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/grype:latest` -- `docker pull anchore/grype:v0.19.0` -- `docker pull anchore/grype:v0` +## [v0.19.0](https://github.com/anchore/grype/tree/v0.19.0) (2021-09-14) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.18.0...v0.19.0) + +**Implemented enhancements:** + +- Update grype-db dependency, add some SLES tests [\#413](https://github.com/anchore/grype/pull/413) ([dspalmer99](https://github.com/dspalmer99)) + +**Fixed bugs:** + +- False positive core.jar \(CVE-2020-15235, CVE-2020-15505, CVE-2020-15506, CVE-2020-15507\) [\#342](https://github.com/anchore/grype/issues/342) +- False positives for javax.mail [\#341](https://github.com/anchore/grype/issues/341) +- False positives in Python package "redis" confused with Redis server [\#307](https://github.com/anchore/grype/issues/307) +- False 
positive - Python Libraries mistaken for other Software [\#212](https://github.com/anchore/grype/issues/212) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/grype:latest` +- `docker pull anchore/grype:v0.19.0` +- `docker pull anchore/grype:v0` - `docker pull anchore/grype:v0.19` diff --git a/content/docs/releases/grype/v0.2.0.md b/content/docs/releases/grype/v0.2.0.md index 386399d1..f96c80af 100644 --- a/content/docs/releases/grype/v0.2.0.md +++ b/content/docs/releases/grype/v0.2.0.md 
@@ -11,23 +11,21 @@ description = "Release notes for grype v0.2.0"
 
 Version [v0.2.0](https://github.com/anchore/grype/releases/tag/v0.2.0)
 
-## [v0.2.0](https://github.com/anchore/grype/tree/v0.2.0) (2020-10-23)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.1.0...v0.2.0)
-
-**Implemented enhancements:**
-
-- Incorporate package.json & gemspec catalogers [\#187](https://github.com/anchore/grype/pull/187) ([wagoodman](https://github.com/wagoodman))
-- Update install script arguments for proper argument processing [\#181](https://github.com/anchore/grype/pull/181) ([wagoodman](https://github.com/wagoodman))
-- Run checks on PRs from forks [\#180](https://github.com/anchore/grype/pull/180) ([wagoodman](https://github.com/wagoodman))
-- Edit typo in readme [\#179](https://github.com/anchore/grype/pull/179) ([gsiener](https://github.com/gsiener))
-- Incorporate gemspec cataloger [\#177](https://github.com/anchore/grype/pull/177) ([wagoodman](https://github.com/wagoodman))
-- Migrate to GHA pipeline [\#176](https://github.com/anchore/grype/pull/176) ([wagoodman](https://github.com/wagoodman))
-
-**Closed issues:**
-
-- Enable auto pre-release goreleaser flag in release pipeline [\#119](https://github.com/anchore/grype/issues/119)
-
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
+## [v0.2.0](https://github.com/anchore/grype/tree/v0.2.0) (2020-10-23)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.1.0...v0.2.0)
+
+**Implemented enhancements:**
+
+- Incorporate package.json & gemspec catalogers [\#187](https://github.com/anchore/grype/pull/187) ([wagoodman](https://github.com/wagoodman))
+- Update install script arguments for proper argument processing [\#181](https://github.com/anchore/grype/pull/181) ([wagoodman](https://github.com/wagoodman))
+- Run checks on PRs from forks [\#180](https://github.com/anchore/grype/pull/180) ([wagoodman](https://github.com/wagoodman))
+- Edit typo in readme [\#179](https://github.com/anchore/grype/pull/179) ([gsiener](https://github.com/gsiener))
+- Incorporate gemspec cataloger [\#177](https://github.com/anchore/grype/pull/177) ([wagoodman](https://github.com/wagoodman))
+- Migrate to GHA pipeline [\#176](https://github.com/anchore/grype/pull/176) ([wagoodman](https://github.com/wagoodman))
+
+**Closed issues:**
+
+- Enable auto pre-release goreleaser flag in release pipeline [\#119](https://github.com/anchore/grype/issues/119)
+
+\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_
diff --git a/content/docs/releases/grype/v0.20.0.md b/content/docs/releases/grype/v0.20.0.md
index 270ba822..c1583208 100644
--- a/content/docs/releases/grype/v0.20.0.md
+++ b/content/docs/releases/grype/v0.20.0.md
@@ -11,31 +11,28 @@ description = "Release notes for grype v0.20.0"
 
 Version [v0.20.0](https://github.com/anchore/grype/releases/tag/v0.20.0)
 
-## [v0.20.0](https://github.com/anchore/grype/tree/v0.20.0) (2021-09-23)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.19.0...v0.20.0)
-
-**Implemented enhancements:**
-
-- Allow CPE parsing failures [\#425](https://github.com/anchore/grype/pull/425) ([luhring](https://github.com/luhring))
-- Add syft version to version command output [\#420](https://github.com/anchore/grype/pull/420) ([spiffcs](https://github.com/spiffcs))
-
-**Fixed bugs:**
-
-- False positive on Centos/Rhel openjdk package [\#419](https://github.com/anchore/grype/issues/419)
-- Java group ID not found resulting in missed results [\#378](https://github.com/anchore/grype/issues/378)
-- False positive on sentry and other libs [\#280](https://github.com/anchore/grype/issues/280)
-- update log file permissions to 0644 [\#422](https://github.com/anchore/grype/pull/422) ([spiffcs](https://github.com/spiffcs))
-- Update KB constraint to not satisfy if raw constraint is empty. [\#421](https://github.com/anchore/grype/pull/421) ([Vijay-P](https://github.com/Vijay-P))
-
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
-
-
-## Docker images
-
-- `docker pull anchore/grype:latest`
-- `docker pull anchore/grype:v0.20.0`
-- `docker pull anchore/grype:v0`
+## [v0.20.0](https://github.com/anchore/grype/tree/v0.20.0) (2021-09-23)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.19.0...v0.20.0)
+
+**Implemented enhancements:**
+
+- Allow CPE parsing failures [\#425](https://github.com/anchore/grype/pull/425) ([luhring](https://github.com/luhring))
+- Add syft version to version command output [\#420](https://github.com/anchore/grype/pull/420) ([spiffcs](https://github.com/spiffcs))
+
+**Fixed bugs:**
+
+- False positive on Centos/Rhel openjdk package [\#419](https://github.com/anchore/grype/issues/419)
+- Java group ID not found resulting in missed results [\#378](https://github.com/anchore/grype/issues/378)
+- False positive on sentry and other libs [\#280](https://github.com/anchore/grype/issues/280)
+- update log file permissions to 0644 [\#422](https://github.com/anchore/grype/pull/422) ([spiffcs](https://github.com/spiffcs))
+- Update KB constraint to not satisfy if raw constraint is empty. [\#421](https://github.com/anchore/grype/pull/421) ([Vijay-P](https://github.com/Vijay-P))
+
+\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_
+
+## Docker images
+
+- `docker pull anchore/grype:latest`
+- `docker pull anchore/grype:v0.20.0`
+- `docker pull anchore/grype:v0`
 - `docker pull anchore/grype:v0.20`
diff --git a/content/docs/releases/grype/v0.21.0.md b/content/docs/releases/grype/v0.21.0.md
index a083ccde..30bc3144 100644
--- a/content/docs/releases/grype/v0.21.0.md
+++ b/content/docs/releases/grype/v0.21.0.md
@@ -11,26 +11,24 @@ description = "Release notes for grype v0.21.0"
 
 Version [v0.21.0](https://github.com/anchore/grype/releases/tag/v0.21.0)
 
-## [v0.21.0](https://github.com/anchore/grype/tree/v0.21.0) (2021-09-28)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.20.0...v0.21.0)
-
-**Implemented enhancements:**
-
-- Add data-driven language matching [\#434](https://github.com/anchore/grype/pull/434) ([wagoodman](https://github.com/wagoodman))
-- Add default matcher \(language + CPE matching\) [\#432](https://github.com/anchore/grype/pull/432) ([wagoodman](https://github.com/wagoodman))
-
-**Fixed bugs:**
-
-- Grype raise error: "failed to catalog: failed to parse CPE" [\#417](https://github.com/anchore/grype/issues/417)
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
-
-
-## Docker images
-
-- `docker pull anchore/grype:latest`
-- `docker pull anchore/grype:v0.21.0`
-- `docker pull anchore/grype:v0`
+## [v0.21.0](https://github.com/anchore/grype/tree/v0.21.0) (2021-09-28)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.20.0...v0.21.0)
+
+**Implemented enhancements:**
+
+- Add data-driven language matching [\#434](https://github.com/anchore/grype/pull/434) ([wagoodman](https://github.com/wagoodman))
+- Add default matcher \(language + CPE matching\) [\#432](https://github.com/anchore/grype/pull/432) ([wagoodman](https://github.com/wagoodman))
+
+**Fixed bugs:**
+
+- Grype raise error: "failed to catalog: failed to parse CPE" [\#417](https://github.com/anchore/grype/issues/417)
+
+\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_
+
+## Docker images
+
+- `docker pull anchore/grype:latest`
+- `docker pull anchore/grype:v0.21.0`
+- `docker pull anchore/grype:v0`
 - `docker pull anchore/grype:v0.21`
diff --git a/content/docs/releases/grype/v0.22.0.md b/content/docs/releases/grype/v0.22.0.md
index 47159913..24d78f21 100644
--- a/content/docs/releases/grype/v0.22.0.md
+++ b/content/docs/releases/grype/v0.22.0.md
@@ -11,26 +11,23 @@ description = "Release notes for grype v0.22.0"
 
 Version [v0.22.0](https://github.com/anchore/grype/releases/tag/v0.22.0)
 
-## [v0.22.0](https://github.com/anchore/grype/tree/v0.22.0) (2021-09-30)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.21.0...v0.22.0)
-
-**Implemented enhancements:**
-
-- Ability to ignore vulnerability matches \(to help manage false positives\) [\#198](https://github.com/anchore/grype/issues/198)
-
-**Fixed bugs:**
-
-- False positives for perl-\* packages in centos:8 images [\#437](https://github.com/anchore/grype/issues/437)
-
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
-
-
-## Docker images
-
-- `docker pull anchore/grype:latest`
-- `docker pull anchore/grype:v0.22.0`
-- `docker pull anchore/grype:v0`
+## [v0.22.0](https://github.com/anchore/grype/tree/v0.22.0) (2021-09-30)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.21.0...v0.22.0)
+
+**Implemented enhancements:**
+
+- Ability to ignore vulnerability matches \(to help manage false positives\) [\#198](https://github.com/anchore/grype/issues/198)
+
+**Fixed bugs:**
+
+- False positives for perl-\* packages in centos:8 images [\#437](https://github.com/anchore/grype/issues/437)
+
+\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_
+
+## Docker images
+
+- `docker pull anchore/grype:latest`
+- `docker pull anchore/grype:v0.22.0`
+- `docker pull anchore/grype:v0`
 - `docker pull anchore/grype:v0.22`
diff --git a/content/docs/releases/grype/v0.23.0.md b/content/docs/releases/grype/v0.23.0.md
index afb80d4e..0fa6b441 100644
--- a/content/docs/releases/grype/v0.23.0.md
+++ b/content/docs/releases/grype/v0.23.0.md
@@ -11,24 +11,22 @@ description = "Release notes for grype v0.23.0"
 
 Version [v0.23.0](https://github.com/anchore/grype/releases/tag/v0.23.0)
 
-## [v0.23.0](https://github.com/anchore/grype/tree/v0.23.0) (2021-10-06)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.22.0...v0.23.0)
-
-**Implemented enhancements:**
-
-- add an option to output the report into a file rather than redirecting the output [\#207](https://github.com/anchore/grype/issues/207)
-
-**Fixed bugs:**
-
-- Cannot handle Syft SBOM for directory scans [\#298](https://github.com/anchore/grype/issues/298)
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
-
-
-## Docker images
-
-- `docker pull anchore/grype:v0.23.0`
-- `docker pull anchore/grype:v0`
+## [v0.23.0](https://github.com/anchore/grype/tree/v0.23.0) (2021-10-06)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.22.0...v0.23.0)
+
+**Implemented enhancements:**
+
+- add an option to output the report into a file rather than redirecting the output [\#207](https://github.com/anchore/grype/issues/207)
+
+**Fixed bugs:**
+
+- Cannot handle Syft SBOM for directory scans [\#298](https://github.com/anchore/grype/issues/298)
+
+\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_
+
+## Docker images
+
+- `docker pull anchore/grype:v0.23.0`
+- `docker pull anchore/grype:v0`
 - `docker pull anchore/grype:v0.23`
diff --git a/content/docs/releases/grype/v0.24.0.md b/content/docs/releases/grype/v0.24.0.md
index 69884157..533a2404 100644
--- a/content/docs/releases/grype/v0.24.0.md
+++ b/content/docs/releases/grype/v0.24.0.md 
@@ -11,28 +11,28 @@ description = "Release notes for grype v0.24.0"
 
 Version [v0.24.0](https://github.com/anchore/grype/releases/tag/v0.24.0)
 
-## [v0.24.0](https://github.com/anchore/grype/tree/v0.23.0) (2021-10-25)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.23.0...v0.24.0)
-
-## Added Features
-
-- Filter vulnerabilities without fixes [[Issue #175](https://github.com/anchore/grype/issues/175)]
-- Add a release for `linux/arm64` [[Issue #362](https://github.com/anchore/grype/issues/362)]
-- Add windows support [[Issue #447](https://github.com/anchore/grype/issues/447)]
-
-## Bug Fixes
-
-- Cannot handle Syft SBOM for directory scans [[Issue #298](https://github.com/anchore/grype/issues/298)]
-- False positive for package version appended with a release number (e.g. 1.5.1-r1) [[Issue #427](https://github.com/anchore/grype/issues/427)]
-- Image parsing hang if finds a directory with name ending in space [[Issue #460](https://github.com/anchore/grype/issues/460)]
-- Scan against container generating error and usage prompt on finding vulnerability [[Issue #461](https://github.com/anchore/grype/issues/461)]
-
-## Docker images
-
-- `docker pull anchore/grype:v0.24.0-amd64`
-- `docker pull anchore/grype:v0-amd64`
-- `docker pull anchore/grype:v0.24-amd64`
-- `docker pull anchore/grype:v0.24.0-arm64v8`
-- `docker pull anchore/grype:v0-arm64v8`
+## [v0.24.0](https://github.com/anchore/grype/tree/v0.23.0) (2021-10-25)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.23.0...v0.24.0)
+
+## Added Features
+
+- Filter vulnerabilities without fixes [[Issue #175](https://github.com/anchore/grype/issues/175)]
+- Add a release for `linux/arm64` [[Issue #362](https://github.com/anchore/grype/issues/362)]
+- Add windows support [[Issue #447](https://github.com/anchore/grype/issues/447)]
+
+## Bug Fixes
+
+- Cannot handle Syft SBOM for directory scans [[Issue #298](https://github.com/anchore/grype/issues/298)]
+- False positive for package version appended with a release number (e.g. 1.5.1-r1) [[Issue #427](https://github.com/anchore/grype/issues/427)]
+- Image parsing hang if finds a directory with name ending in space [[Issue #460](https://github.com/anchore/grype/issues/460)]
+- Scan against container generating error and usage prompt on finding vulnerability [[Issue #461](https://github.com/anchore/grype/issues/461)]
+
+## Docker images
+
+- `docker pull anchore/grype:v0.24.0-amd64`
+- `docker pull anchore/grype:v0-amd64`
+- `docker pull anchore/grype:v0.24-amd64`
+- `docker pull anchore/grype:v0.24.0-arm64v8`
+- `docker pull anchore/grype:v0-arm64v8`
 - `docker pull anchore/grype:v0.24-arm64v8`
diff --git a/content/docs/releases/grype/v0.24.1.md b/content/docs/releases/grype/v0.24.1.md
index d3583578..a6c4a4a4 100644
--- a/content/docs/releases/grype/v0.24.1.md
+++ b/content/docs/releases/grype/v0.24.1.md
@@ -11,15 +11,15 @@ description = "Release notes for grype v0.24.1"
 
 Version [v0.24.1](https://github.com/anchore/grype/releases/tag/v0.24.1)
 
-## [v0.24.1](https://github.com/anchore/grype/tree/v0.24.1) (2021-11-05)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.24.0...v0.24.1)
-
-## Bug Fixes
-
-- Unable to invoke grype as an external process since 0.8.0 [[Issue #267](https://github.com/anchore/grype/issues/267)]
-- Homebrew - Tapping fails: Formulae require at least a URL on Apple M1 [[Issue #401](https://github.com/anchore/grype/issues/401)]
-
-## Docker images
-
+## [v0.24.1](https://github.com/anchore/grype/tree/v0.24.1) (2021-11-05)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.24.0...v0.24.1)
+
+## Bug Fixes
+
+- Unable to invoke grype as an external process since 0.8.0 [[Issue #267](https://github.com/anchore/grype/issues/267)]
+- Homebrew - Tapping fails: Formulae require at least a URL on Apple M1 [[Issue #401](https://github.com/anchore/grype/issues/401)]
+
+## Docker images
+
 - `docker pull anchore/grype:0.24.1`
diff --git a/content/docs/releases/grype/v0.25.0.md b/content/docs/releases/grype/v0.25.0.md
index da679305..b90cfcb5 100644
--- a/content/docs/releases/grype/v0.25.0.md
+++ b/content/docs/releases/grype/v0.25.0.md
@@ -11,13 +11,13 @@ description = "Release notes for grype v0.25.0"
 
 Version [v0.25.0](https://github.com/anchore/grype/releases/tag/v0.25.0)
 
-[Full Changelog](https://github.com/anchore/grype/compare/v0.24.1...)
-
-## Added Features
-
-- Use existing registry authentication such as Docker config [[Issue #478](https://github.com/anchore/grype/issues/478)]
-- Add Rocky Linux Support[[PR #500](https://github.com/anchore/grype/pull/500)]
-
-## Docker images
-
+[Full Changelog](https://github.com/anchore/grype/compare/v0.24.1...)
+
+## Added Features
+
+- Use existing registry authentication such as Docker config [[Issue #478](https://github.com/anchore/grype/issues/478)]
+- Add Rocky Linux Support[[PR #500](https://github.com/anchore/grype/pull/500)]
+
+## Docker images
+
 - `docker pull anchore/grype:0.25.0`
diff --git a/content/docs/releases/grype/v0.25.1.md b/content/docs/releases/grype/v0.25.1.md
index 72c0c9a7..83f2509a 100644
--- a/content/docs/releases/grype/v0.25.1.md
+++ b/content/docs/releases/grype/v0.25.1.md
@@ -11,9 +11,10 @@ description = "Release notes for grype v0.25.1"
 
 Version [v0.25.1](https://github.com/anchore/grype/releases/tag/v0.25.1)
 
-[Full Changelog](https://github.com/anchore/grype/compare/v0.25.0...)
-- Update grype to use the latest grype-db so correct namespace for rocky linux distributions is used in vulnerability matching [PR #501]
-
-## Docker images
-
+[Full Changelog](https://github.com/anchore/grype/compare/v0.25.0...)
+
+- Update grype to use the latest grype-db so correct namespace for rocky linux distributions is used in vulnerability matching [PR #501]
+
+## Docker images
+
 - `docker pull anchore/grype:0.25.1`
diff --git a/content/docs/releases/grype/v0.26.1.md b/content/docs/releases/grype/v0.26.1.md
index 1c96e077..a400b530 100644
--- a/content/docs/releases/grype/v0.26.1.md
+++ b/content/docs/releases/grype/v0.26.1.md
@@ -11,18 +11,15 @@ description = "Release notes for grype v0.26.1"
 
 Version [v0.26.1](https://github.com/anchore/grype/releases/tag/v0.26.1)
 
-## [v0.26.1](https://github.com/anchore/grype/tree/v0.26.1) (2021-12-03)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.25.1...v0.26.1)
-
-## Added Features
-
-- Add db list command [[PR #506](https://github.com/anchore/grype/pull/506)] [[wagoodman](https://github.com/wagoodman)]
-- Custom CA support for db.update-url [[Issue #493](https://github.com/anchore/grype/issues/493)]
-
-
-
-
-## Docker images
-
+## [v0.26.1](https://github.com/anchore/grype/tree/v0.26.1) (2021-12-03)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.25.1...v0.26.1)
+
+## Added Features
+
+- Add db list command [[PR #506](https://github.com/anchore/grype/pull/506)] [[wagoodman](https://github.com/wagoodman)]
+- Custom CA support for db.update-url [[Issue #493](https://github.com/anchore/grype/issues/493)]
+
+## Docker images
+
 - `docker pull anchore/grype:v0.26.1`
diff --git a/content/docs/releases/grype/v0.27.0.md b/content/docs/releases/grype/v0.27.0.md
index ede4d323..f5b68cf7 100644
--- a/content/docs/releases/grype/v0.27.0.md
+++ b/content/docs/releases/grype/v0.27.0.md
@@ -11,14 +11,14 @@ description = "Release notes for grype v0.27.0"
 
 Version [v0.27.0](https://github.com/anchore/grype/releases/tag/v0.27.0)
 
-## [v0.27.0](https://github.com/anchore/grype/tree/v0.27.0) (2021-12-08)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.26.1...v0.27.0)
-
-## Added Features
-
-- Adding AlmaLinux OS Support [[PR #514](https://github.com/anchore/grype/pull/514)] [[srbala](https://github.com/srbala)]
-
-## Docker images
-
+## [v0.27.0](https://github.com/anchore/grype/tree/v0.27.0) (2021-12-08)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.26.1...v0.27.0)
+
+## Added Features
+
+- Adding AlmaLinux OS Support [[PR #514](https://github.com/anchore/grype/pull/514)] [[srbala](https://github.com/srbala)]
+
+## Docker images
+
 - `docker pull anchore/grype:v0.27.0`
diff --git a/content/docs/releases/grype/v0.27.1.md b/content/docs/releases/grype/v0.27.1.md
index b16ad1fb..405e9f64 100644
--- a/content/docs/releases/grype/v0.27.1.md
+++ b/content/docs/releases/grype/v0.27.1.md
@@ -11,17 +11,15 @@ description = "Release notes for grype v0.27.1"
 
 Version [v0.27.1](https://github.com/anchore/grype/releases/tag/v0.27.1)
 
-## [v0.27.1](https://github.com/anchore/grype/tree/v0.27.1) (2021-12-14)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.27.0...v0.27.1)
-
-## Bug Fixes
-
-- panic: runtime error: invalid memory address or nil pointer dereference (deb package parsing) [[Issue #523](https://github.com/anchore/grype/issues/523)]
-- panic: runtime error: invalid memory address or nil pointer dereference (go binary parsing) [[Issue #526](https://github.com/anchore/grype/issues/526)]
-
-
-
-## Docker images
-
+## [v0.27.1](https://github.com/anchore/grype/tree/v0.27.1) (2021-12-14)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.27.0...v0.27.1)
+
+## Bug Fixes
+
+- panic: runtime error: invalid memory address or nil pointer dereference (deb package parsing) [[Issue #523](https://github.com/anchore/grype/issues/523)]
+- panic: runtime error: invalid memory address or nil pointer dereference (go binary parsing) [[Issue #526](https://github.com/anchore/grype/issues/526)]
+
+## Docker images
+
 - `docker pull anchore/grype:v0.27.1`
diff --git a/content/docs/releases/grype/v0.27.2.md b/content/docs/releases/grype/v0.27.2.md
index c6f1e253..c0bc651c 100644
--- a/content/docs/releases/grype/v0.27.2.md
+++ b/content/docs/releases/grype/v0.27.2.md
@@ -11,16 +11,14 @@ description = "Release notes for grype v0.27.2"
 
 Version [v0.27.2](https://github.com/anchore/grype/releases/tag/v0.27.2)
 
-## [v0.27.2](https://github.com/anchore/grype/tree/v0.27.2) (2021-12-14)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.27.1...v0.27.2)
-
-
-## Bug Fixes
-
-- Index out of range while scanning Java webapps [[Issue #538](https://github.com/anchore/grype/issues/538)]
-
-
-## Docker images
-
+## [v0.27.2](https://github.com/anchore/grype/tree/v0.27.2) (2021-12-14)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.27.1...v0.27.2)
+
+## Bug Fixes
+
+- Index out of range while scanning Java webapps [[Issue #538](https://github.com/anchore/grype/issues/538)]
+
+## Docker images
+
 - `docker pull anchore/grype:v0.27.2`
diff --git a/content/docs/releases/grype/v0.27.3.md b/content/docs/releases/grype/v0.27.3.md
index 11924f09..e5f8fda0 100644
--- a/content/docs/releases/grype/v0.27.3.md
+++ b/content/docs/releases/grype/v0.27.3.md
@@ -11,17 +11,14 @@ description = "Release notes for grype v0.27.3"
 
 Version [v0.27.3](https://github.com/anchore/grype/releases/tag/v0.27.3)
 
-## [v0.27.3](https://github.com/anchore/grype/tree/v0.27.3) (2021-12-16)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.27.2...v0.27.3)
-
-## Bug Fixes
-
-- Panic when a package has been added to a catalog multiple times [[Issue #548](https://github.com/anchore/grype/issues/548)]
-
-
-
-
-## Docker images
-
+## [v0.27.3](https://github.com/anchore/grype/tree/v0.27.3) (2021-12-16)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.27.2...v0.27.3)
+
+## Bug Fixes
+
+- Panic when a package has been added to a catalog multiple times [[Issue #548](https://github.com/anchore/grype/issues/548)]
+
+## Docker images
+
 - `docker pull anchore/grype:v0.27.3`
diff --git a/content/docs/releases/grype/v0.28.0.md b/content/docs/releases/grype/v0.28.0.md
index 95f4d464..9c17ce3a 100644
--- a/content/docs/releases/grype/v0.28.0.md
+++ b/content/docs/releases/grype/v0.28.0.md
@@ -11,25 +11,22 @@ description = "Release notes for grype v0.28.0"
 
 Version [v0.28.0](https://github.com/anchore/grype/releases/tag/v0.28.0)
 
-## [v0.28.0](https://github.com/anchore/grype/tree/v0.28.0) (2021-12-22)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.27.3...v0.28.0)
-
-## Added Features
-
-- Path filtering for file system scanning [[Issue #389](https://github.com/anchore/grype/issues/389)]
-- Grype verbose log version [[Issue #555](https://github.com/anchore/grype/issues/555)]
-
-## Bug Fixes
-
-- Java packages sometimes missing version information [[Issue #504](https://github.com/anchore/grype/issues/504)]
-- False positives cases for CVE-2021-44228 [[Issue #552](https://github.com/anchore/grype/issues/552)]
-- Error when scanning a single file (e.g. zip, war, etc.) and using JSON output format [[Issue #554](https://github.com/anchore/grype/issues/554)]
-- MacOS install fails using GNU coreutils version of cp [[Issue #560](https://github.com/anchore/grype/issues/560)]
-
-
-
-
-## Docker images
-
+## [v0.28.0](https://github.com/anchore/grype/tree/v0.28.0) (2021-12-22)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.27.3...v0.28.0)
+
+## Added Features
+
+- Path filtering for file system scanning [[Issue #389](https://github.com/anchore/grype/issues/389)]
+- Grype verbose log version [[Issue #555](https://github.com/anchore/grype/issues/555)]
+
+## Bug Fixes
+
+- Java packages sometimes missing version information [[Issue #504](https://github.com/anchore/grype/issues/504)]
+- False positives cases for CVE-2021-44228 [[Issue #552](https://github.com/anchore/grype/issues/552)]
+- Error when scanning a single file (e.g. zip, war, etc.) and using JSON output format [[Issue #554](https://github.com/anchore/grype/issues/554)]
+- MacOS install fails using GNU coreutils version of cp [[Issue #560](https://github.com/anchore/grype/issues/560)]
+
+## Docker images
+
 - `docker pull anchore/grype:v0.28.0`
diff --git a/content/docs/releases/grype/v0.29.0.md b/content/docs/releases/grype/v0.29.0.md
index 70d89ae6..bf0fcada 100644
--- a/content/docs/releases/grype/v0.29.0.md
+++ b/content/docs/releases/grype/v0.29.0.md
@@ -11,20 +11,18 @@ description = "Release notes for grype v0.29.0"
 
 Version [v0.29.0](https://github.com/anchore/grype/releases/tag/v0.29.0)
 
-## [v0.29.0](https://github.com/anchore/grype/tree/v0.29.0) (2022-01-07)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.28.0...v0.29.0)
-
-## Added Features
-- update syft to version [v0.35.0](https://github.com/anchore/syft/releases)
-
-## Bug Fixes
-
-- ability to go install "github.com/anchore/grype" [[Issue #568](https://github.com/anchore/grype/issues/568)]
-
-
-
-
-## Docker images
-
+## [v0.29.0](https://github.com/anchore/grype/tree/v0.29.0) (2022-01-07)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.28.0...v0.29.0)
+
+## Added Features
+
+- update syft to version [v0.35.0](https://github.com/anchore/syft/releases)
+
+## Bug Fixes
+
+- ability to go install "github.com/anchore/grype" [[Issue #568](https://github.com/anchore/grype/issues/568)]
+
+## Docker images
+
 - `docker pull anchore/grype:v0.29.0`
diff --git a/content/docs/releases/grype/v0.3.0.md b/content/docs/releases/grype/v0.3.0.md
index 341c9365..e31a3af5 100644
--- a/content/docs/releases/grype/v0.3.0.md
+++ b/content/docs/releases/grype/v0.3.0.md
@@ -11,18 +11,17 @@ description = "Release notes for grype v0.3.0"
 
 Version [v0.3.0](https://github.com/anchore/grype/releases/tag/v0.3.0)
 
-## [v0.3.0](https://github.com/anchore/grype/tree/v0.3.0) (2020-11-05)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.2.0...v0.3.0)
-
-**Implemented enhancements:**
-
-- Update Syft from v0.4.0 to v0.5.1 [\#195](https://github.com/anchore/grype/pull/195) ([luhring](https://github.com/luhring))
-
-**Fixed bugs:**
-
-- Resolve security warning for macOS users [\#194](https://github.com/anchore/grype/pull/194) ([luhring](https://github.com/luhring))
-- Fixes to acceptance workflows [\#195](https://github.com/anchore/grype/pull/195) ([luhring](https://github.com/luhring))
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
+## [v0.3.0](https://github.com/anchore/grype/tree/v0.3.0) (2020-11-05)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.2.0...v0.3.0)
+
+**Implemented enhancements:**
+
+- Update Syft from v0.4.0 to v0.5.1 [\#195](https://github.com/anchore/grype/pull/195) ([luhring](https://github.com/luhring))
+
+**Fixed bugs:**
+
+- Resolve security warning for macOS users [\#194](https://github.com/anchore/grype/pull/194) ([luhring](https://github.com/luhring))
+- Fixes to acceptance workflows [\#195](https://github.com/anchore/grype/pull/195) ([luhring](https://github.com/luhring))
+
+\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_
diff --git a/content/docs/releases/grype/v0.30.0.md b/content/docs/releases/grype/v0.30.0.md
index c6e35bb1..5bc9a363 100644
--- a/content/docs/releases/grype/v0.30.0.md
+++ b/content/docs/releases/grype/v0.30.0.md
@@ -11,15 +11,14 @@ description = "Release notes for grype v0.30.0"
 
 Version [v0.30.0](https://github.com/anchore/grype/releases/tag/v0.30.0)
 
-## [v0.30.0](https://github.com/anchore/grype/tree/v0.30.0) (2022-01-09)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.29.0...v0.30.0)
-
-## Added Features
-
-- Add search configuration [[PR #579](https://github.com/anchore/syft/pull/579)] [[wagoodman](https://github.com/wagoodman)]
-
-
-## Docker images
-
+## [v0.30.0](https://github.com/anchore/grype/tree/v0.30.0) (2022-01-09)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.29.0...v0.30.0)
+
+## Added Features
+
+- Add search configuration [[PR #579](https://github.com/anchore/syft/pull/579)] [[wagoodman](https://github.com/wagoodman)]
+
+## Docker images
+
 - `docker pull anchore/grype:v0.30.0`
diff --git a/content/docs/releases/grype/v0.31.1.md b/content/docs/releases/grype/v0.31.1.md
index a7567215..cb7c8845 100644
--- a/content/docs/releases/grype/v0.31.1.md
+++ b/content/docs/releases/grype/v0.31.1.md
@@ -11,21 +11,18 @@ description = "Release notes for grype v0.31.1"
 
 Version [v0.31.1](https://github.com/anchore/grype/releases/tag/v0.31.1)
 
-## [v0.31.1](https://github.com/anchore/grype/tree/v0.31.1) (2022-01-11)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.30.0...v0.31.1)
-
-## Added Features
-
-- Update Containerd dependency to fix GHSA-mvff-h3cj-wj9c
-
-## Bug Fixes
-
-- Grype installation contains vulnerability GHSA-mvff-h3cj-wj9c [[Issue #583](https://github.com/anchore/grype/issues/583)]
-
-
-
-
-## Docker images
-
+## [v0.31.1](https://github.com/anchore/grype/tree/v0.31.1) (2022-01-11)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.30.0...v0.31.1)
+
+## Added Features
+
+- Update Containerd dependency to fix GHSA-mvff-h3cj-wj9c
+
+## Bug Fixes
+
+- Grype installation contains vulnerability GHSA-mvff-h3cj-wj9c [[Issue #583](https://github.com/anchore/grype/issues/583)]
+
+## Docker images
+
 - `docker pull anchore/grype:v0.31.1`
diff --git a/content/docs/releases/grype/v0.32.0.md b/content/docs/releases/grype/v0.32.0.md
index c800881e..7b43ec3e 100644
--- a/content/docs/releases/grype/v0.32.0.md
+++ b/content/docs/releases/grype/v0.32.0.md
@@ -11,18 +11,18 @@ description = "Release notes for grype v0.32.0"
 
 Version [v0.32.0](https://github.com/anchore/grype/releases/tag/v0.32.0)
 
-## [v0.32.0](https://github.com/anchore/grype/tree/v0.32.0) (2022-01-20)
-
-[Full Changelog](https://github.com/anchore/grype/compare/v0.31.1...v0.32.0)
-## Features
-- Upgrade Grype to latest version of syft. See full [release](https://github.com/anchore/syft/releases/tag/v0.36.0) for details.
-## Bug Fixes
-
-- Error scanning SBOM from file: unsupported package metadata type: file [[Issue #592](https://github.com/anchore/grype/issues/592)]
-
-
-
-
-## Docker images
-
+## [v0.32.0](https://github.com/anchore/grype/tree/v0.32.0) (2022-01-20)
+
+[Full Changelog](https://github.com/anchore/grype/compare/v0.31.1...v0.32.0)
+
+## Features
+
+- Upgrade Grype to latest version of syft. See full [release](https://github.com/anchore/syft/releases/tag/v0.36.0) for details.
+
+## Bug Fixes
+
+- Error scanning SBOM from file: unsupported package metadata type: file [[Issue #592](https://github.com/anchore/grype/issues/592)]
+
+## Docker images
+
 - `docker pull anchore/grype:v0.32.0`
diff --git a/content/docs/releases/grype/v0.33.0.md b/content/docs/releases/grype/v0.33.0.md
index cf9a0930..5d445509 100644
--- a/content/docs/releases/grype/v0.33.0.md
+++ b/content/docs/releases/grype/v0.33.0.md
@@ -11,15 +11,15 @@ description = "Release notes for grype v0.33.0" Version [v0.33.0](https://github.com/anchore/grype/releases/tag/v0.33.0) -## [v0.33.0](https://github.com/anchore/grype/tree/v0.33.0) (2022-02-15) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.32.0...v0.33.0) - -## Added Features - -- Add ability to merge matches [[PR #602](https://github.com/anchore/grype/pull/602)] [[wagoodman](https://github.com/wagoodman)] -- Allow for ingestion of SPDX SBOM documents as input [[Issue #395](https://github.com/anchore/grype/issues/395)] - -## Bug Fixes - +## [v0.33.0](https://github.com/anchore/grype/tree/v0.33.0) (2022-02-15) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.32.0...v0.33.0) + +## Added Features + +- Add ability to merge matches [[PR #602](https://github.com/anchore/grype/pull/602)] [[wagoodman](https://github.com/wagoodman)] +- Allow for ingestion of SPDX SBOM documents as input [[Issue #395](https://github.com/anchore/grype/issues/395)] + +## Bug Fixes + - Grype stuck on some images [[Issue #549](https://github.com/anchore/grype/issues/549)] diff --git a/content/docs/releases/grype/v0.33.1.md b/content/docs/releases/grype/v0.33.1.md index 8dc1a22a..65d8299d 100644 --- a/content/docs/releases/grype/v0.33.1.md +++ b/content/docs/releases/grype/v0.33.1.md @@ -11,10 +11,10 @@ description = "Release notes for grype v0.33.1" Version [v0.33.1](https://github.com/anchore/grype/releases/tag/v0.33.1) -## [v0.33.1](https://github.com/anchore/grype/tree/v0.33.1) (2022-02-27) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.33.0...v0.33.1) - -## Bug Fixes - +## [v0.33.1](https://github.com/anchore/grype/tree/v0.33.1) (2022-02-27) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.33.0...v0.33.1) + +## Bug Fixes + - Restore behavior of JSON distro block [[PR #643](https://github.com/anchore/grype/pull/643)] [[wagoodman](https://github.com/wagoodman)] 
diff --git a/content/docs/releases/grype/v0.34.1.md b/content/docs/releases/grype/v0.34.1.md index 181d1d92..07adf68c 100644 --- a/content/docs/releases/grype/v0.34.1.md +++ b/content/docs/releases/grype/v0.34.1.md @@ -11,16 +11,16 @@ description = "Release notes for grype v0.34.1" Version [v0.34.1](https://github.com/anchore/grype/releases/tag/v0.34.1) -## [v0.34.1](https://github.com/anchore/grype/tree/v0.34.1) (2022-03-15) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.33.1...v0.34.1) - -## Added Features - -- Add platform selection [[PR #666](https://github.com/anchore/grype/pull/666)] [[wagoodman](https://github.com/wagoodman)] -- Add SARIF report output [[Issue #304](https://github.com/anchore/grype/issues/304)] [[kzantow](https://github.com/kzantow)] -- Support CycloneDX as SBOM input to grype [[Issue #481](https://github.com/anchore/grype/issues/481)] [[kzantow](https://github.com/kzantow)] - -## Bug Fixes - -- Issue in Installation. err: anchore/grype err hash_sha256_verify unable to find checksum [[Issue #577](https://github.com/anchore/grype/issues/577)] [[spiffcs](https://github.com/spiffcs)] +## [v0.34.1](https://github.com/anchore/grype/tree/v0.34.1) (2022-03-15) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.33.1...v0.34.1) + +## Added Features + +- Add platform selection [[PR #666](https://github.com/anchore/grype/pull/666)] [[wagoodman](https://github.com/wagoodman)] +- Add SARIF report output [[Issue #304](https://github.com/anchore/grype/issues/304)] [[kzantow](https://github.com/kzantow)] +- Support CycloneDX as SBOM input to grype [[Issue #481](https://github.com/anchore/grype/issues/481)] [[kzantow](https://github.com/kzantow)] + +## Bug Fixes + +- Issue in Installation. err: anchore/grype err hash_sha256_verify unable to find checksum [[Issue #577](https://github.com/anchore/grype/issues/577)] [[spiffcs](https://github.com/spiffcs)] 
diff --git a/content/docs/releases/grype/v0.34.3.md b/content/docs/releases/grype/v0.34.3.md index f7775153..b29ce5c8 100644 --- a/content/docs/releases/grype/v0.34.3.md +++ b/content/docs/releases/grype/v0.34.3.md @@ -11,10 +11,10 @@ description = "Release notes for grype v0.34.3" Version [v0.34.3](https://github.com/anchore/grype/releases/tag/v0.34.3) -## [v0.34.3](https://github.com/anchore/grype/tree/v0.34.3) (2022-03-16) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.34.1...v0.34.3) - -## Bug Fixes - +## [v0.34.3](https://github.com/anchore/grype/tree/v0.34.3) (2022-03-16) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.34.1...v0.34.3) + +## Bug Fixes + - Panic: runtime error - when utilizing the vulnerability scanner on an cyclonedx sbom file input [[Issue #669](https://github.com/anchore/grype/issues/669)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/grype/v0.34.4.md b/content/docs/releases/grype/v0.34.4.md index 8ccc7b4e..6701b5a0 100644 --- a/content/docs/releases/grype/v0.34.4.md +++ b/content/docs/releases/grype/v0.34.4.md 
@@ -11,14 +11,14 @@ description = "Release notes for grype v0.34.4" Version [v0.34.4](https://github.com/anchore/grype/releases/tag/v0.34.4) -## [v0.34.4](https://github.com/anchore/grype/tree/v0.34.4) (2022-03-21) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.34.3...v0.34.4) - -## Bug Fixes - -- Correct issue with SARIF dir scan relative paths [[Issue #682](https://github.com/anchore/grype/issues/682)] [[kzantow](https://github.com/kzantow)] -- Update Syft lib to 0.42.1 [[Issue #683](https://github.com/anchore/grype/issues/683)] - - Fix CycloneDX license decoding [[PR #898](https://github.com/anchore/syft/pull/898)] [[kzantow](https://github.com/kzantow)] - - Fix image cleanup when there is an error [[PR #905](https://github.com/anchore/syft/pull/905)] [[wagoodman](https://github.com/wagoodman)] +## [v0.34.4](https://github.com/anchore/grype/tree/v0.34.4) (2022-03-21) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.34.3...v0.34.4) + +## Bug Fixes + +- Correct issue with SARIF dir scan relative paths [[Issue #682](https://github.com/anchore/grype/issues/682)] [[kzantow](https://github.com/kzantow)] +- Update Syft lib to 0.42.1 [[Issue #683](https://github.com/anchore/grype/issues/683)] + - Fix CycloneDX license decoding [[PR #898](https://github.com/anchore/syft/pull/898)] [[kzantow](https://github.com/kzantow)] + - Fix image cleanup when there is an error [[PR #905](https://github.com/anchore/syft/pull/905)] [[wagoodman](https://github.com/wagoodman)] - Omit H1Digest when empty [[PR #902](https://github.com/anchore/syft/pull/902)] [[jonasagx](https://github.com/jonasagx)] diff --git a/content/docs/releases/grype/v0.34.6.md b/content/docs/releases/grype/v0.34.6.md index 31fadbbb..4c6630f5 100644 --- a/content/docs/releases/grype/v0.34.6.md +++ b/content/docs/releases/grype/v0.34.6.md 
@@ -11,10 +11,10 @@ description = "Release notes for grype v0.34.6" Version [v0.34.6](https://github.com/anchore/grype/releases/tag/v0.34.6) -## [v0.34.5](https://github.com/anchore/grype/tree/v0.34.5) (2022-03-23) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.34.4...v0.34.5) - -## Bug Fixes - +## [v0.34.5](https://github.com/anchore/grype/tree/v0.34.5) (2022-03-23) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.34.4...v0.34.5) + +## Bug Fixes + - Improve SARIF path handling and severity [[PR #686](https://github.com/anchore/grype/pull/686)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/grype/v0.34.7.md b/content/docs/releases/grype/v0.34.7.md index e6013a46..449a3cde 100644 --- a/content/docs/releases/grype/v0.34.7.md +++ b/content/docs/releases/grype/v0.34.7.md @@ -11,11 +11,11 @@ description = "Release notes for grype v0.34.7" Version [v0.34.7](https://github.com/anchore/grype/releases/tag/v0.34.7) -## [v0.34.7](https://github.com/anchore/grype/tree/v0.34.7) (2022-03-24) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.34.6...v0.34.7) - -## Bug Fixes - -- Bump strset version to fix 386 builds [[PR #689](https://github.com/anchore/grype/pull/689)] [[wagoodman](https://github.com/wagoodman)] +## [v0.34.7](https://github.com/anchore/grype/tree/v0.34.7) (2022-03-24) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.34.6...v0.34.7) + +## Bug Fixes + +- Bump strset version to fix 386 builds [[PR #689](https://github.com/anchore/grype/pull/689)] [[wagoodman](https://github.com/wagoodman)] - Grype cannot handle empty SBOMs, results in SIGSEGV [[Issue #693](https://github.com/anchore/grype/issues/693)] [[luhring](https://github.com/luhring)] diff --git a/content/docs/releases/grype/v0.35.0.md b/content/docs/releases/grype/v0.35.0.md index c0c3f44f..f45dd4fb 100644 --- a/content/docs/releases/grype/v0.35.0.md +++ b/content/docs/releases/grype/v0.35.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for grype v0.35.0" Version [v0.35.0](https://github.com/anchore/grype/releases/tag/v0.35.0) -## [v0.35.0](https://github.com/anchore/grype/tree/v0.35.0) (2022-04-13) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.34.7...v0.35.0) - -## Added Features - -- Indicate location of vulnerability [[Issue #561](https://github.com/anchore/grype/issues/561)] -- Optional External Data Source Reference for Maven Packages [[Issue #711](https://github.com/anchore/grype/issues/711)] - -## Bug Fixes - -- False positive (critical) on GHSA-8v27-2fg9-7h62 [[Issue #632](https://github.com/anchore/grype/issues/632)] -- False Positive on CVE-2020-36518 [[Issue #692](https://github.com/anchore/grype/issues/692)] -- Matches should be sorted by package name for template output [[Issue #696](https://github.com/anchore/grype/issues/696)] -- panic: runtime error: invalid memory address or nil pointer dereference [[Issue #702](https://github.com/anchore/grype/issues/702)] +## [v0.35.0](https://github.com/anchore/grype/tree/v0.35.0) (2022-04-13) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.34.7...v0.35.0) + +## Added Features + +- Indicate location of vulnerability [[Issue #561](https://github.com/anchore/grype/issues/561)] +- Optional External Data Source Reference for Maven Packages [[Issue #711](https://github.com/anchore/grype/issues/711)] + +## Bug Fixes + +- False positive (critical) on GHSA-8v27-2fg9-7h62 [[Issue #632](https://github.com/anchore/grype/issues/632)] +- False Positive on CVE-2020-36518 [[Issue #692](https://github.com/anchore/grype/issues/692)] +- Matches should be sorted by package name for template output [[Issue #696](https://github.com/anchore/grype/issues/696)] +- panic: runtime error: invalid memory address or nil pointer dereference [[Issue #702](https://github.com/anchore/grype/issues/702)] 
diff --git a/content/docs/releases/grype/v0.36.0.md b/content/docs/releases/grype/v0.36.0.md index 8ee652ca..c1bf9fda 100644 --- a/content/docs/releases/grype/v0.36.0.md +++ b/content/docs/releases/grype/v0.36.0.md @@ -11,15 +11,15 @@ description = "Release notes for grype v0.36.0" Version [v0.36.0](https://github.com/anchore/grype/releases/tag/v0.36.0) -## [v0.36.0](https://github.com/anchore/grype/tree/v0.36.0) (2022-04-29) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.35.0...v0.36.0) - -## Added Features - -- Add support for cyclonedx 1.4 and VEX [[Issue #591](https://github.com/anchore/grype/issues/591)] -- Read attestation file, validate attestation, produce vulnerability report [[Issue #644](https://github.com/anchore/grype/issues/644)] - -## Bug Fixes - +## [v0.36.0](https://github.com/anchore/grype/tree/v0.36.0) (2022-04-29) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.35.0...v0.36.0) + +## Added Features + +- Add support for cyclonedx 1.4 and VEX [[Issue #591](https://github.com/anchore/grype/issues/591)] +- Read attestation file, validate attestation, produce vulnerability report [[Issue #644](https://github.com/anchore/grype/issues/644)] + +## Bug Fixes + - Panic while running scan on directory [[Issue #715](https://github.com/anchore/grype/issues/715)] diff --git a/content/docs/releases/grype/v0.36.1.md b/content/docs/releases/grype/v0.36.1.md index 3ca26a8a..c59cc240 100644 --- a/content/docs/releases/grype/v0.36.1.md +++ b/content/docs/releases/grype/v0.36.1.md 
@@ -11,7 +11,8 @@ description = "Release notes for grype v0.36.1" Version [v0.36.1](https://github.com/anchore/grype/releases/tag/v0.36.1) -## [v0.36.1](https://github.com/anchore/grype/tree/v0.36.1) (2022-05-03) -Update grype to use syft v0.45.1 and reduce info level logging overload - +## [v0.36.1](https://github.com/anchore/grype/tree/v0.36.1) (2022-05-03) + +Update grype to use syft v0.45.1 and reduce info level logging overload + [Full Changelog](https://github.com/anchore/grype/compare/v0.36.0...v0.36.1) diff --git a/content/docs/releases/grype/v0.37.0.md b/content/docs/releases/grype/v0.37.0.md index 753d8031..82e9830e 100644 --- a/content/docs/releases/grype/v0.37.0.md +++ b/content/docs/releases/grype/v0.37.0.md @@ -11,18 +11,18 @@ description = "Release notes for grype v0.37.0" Version [v0.37.0](https://github.com/anchore/grype/releases/tag/v0.37.0) -## [v0.37.0](https://github.com/anchore/grype/tree/v0.37.0) (2022-05-13) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.36.1...v0.37.0) - -## Added Features - -- Add Dotnet support [[PR #747](https://github.com/anchore/grype/pull/747)] [[ckotzbauer](https://github.com/ckotzbauer)] - -## Security Fixes - -- Bump github.com/hashicorp/go-getter from 1.5.9 to 1.5.11 [[PR #742](https://github.com/anchore/grype/pull/742)] [[dependabot](https://github.com/dependabot)] - -## Bug Fixes - +## [v0.37.0](https://github.com/anchore/grype/tree/v0.37.0) (2022-05-13) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.36.1...v0.37.0) + +## Added Features + +- Add Dotnet support [[PR #747](https://github.com/anchore/grype/pull/747)] [[ckotzbauer](https://github.com/ckotzbauer)] + +## Security Fixes + +- Bump github.com/hashicorp/go-getter from 1.5.9 to 1.5.11 [[PR #742](https://github.com/anchore/grype/pull/742)] [[dependabot](https://github.com/dependabot)] + +## Bug Fixes + - Unable to determine the OS distribution (Ubuntu 20.04.4 LTS) [[Issue #684](https://github.com/anchore/grype/issues/684)] 
diff --git a/content/docs/releases/grype/v0.38.0.md b/content/docs/releases/grype/v0.38.0.md index 87b7e08f..b248066a 100644 --- a/content/docs/releases/grype/v0.38.0.md +++ b/content/docs/releases/grype/v0.38.0.md @@ -11,10 +11,10 @@ description = "Release notes for grype v0.38.0" Version [v0.38.0](https://github.com/anchore/grype/releases/tag/v0.38.0) -## [v0.38.0](https://github.com/anchore/grype/tree/v0.38.0) (2022-05-23) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.37.0...v0.38.0) - -## Added Features - +## [v0.38.0](https://github.com/anchore/grype/tree/v0.38.0) (2022-05-23) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.37.0...v0.38.0) + +## Added Features + - Dotnet-Support [[Issue #736](https://github.com/anchore/grype/issues/736)] diff --git a/content/docs/releases/grype/v0.39.0.md b/content/docs/releases/grype/v0.39.0.md index 596ec7f8..69b0225e 100644 --- a/content/docs/releases/grype/v0.39.0.md +++ b/content/docs/releases/grype/v0.39.0.md 
@@ -11,14 +11,16 @@ description = "Release notes for grype v0.39.0" Version [v0.39.0](https://github.com/anchore/grype/releases/tag/v0.39.0) -## [v0.39.0](https://github.com/anchore/grype/tree/v0.39.0) (2022-06-09) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.38.0...v0.39.0) - -## Features -- Support newer versions of 'rpm' that use Sqlite for the db instead of BerkeleyDB [[Issue #469](https://github.com/anchore/syft/issues/469)] -## Bug Fixes - -- Template errors don't lead to non-zero exit status [[Issue #623](https://github.com/anchore/grype/issues/623)] -- Issues with Grype's handling of template output for invalid templates [[Issue #625](https://github.com/anchore/grype/issues/625)] +## [v0.39.0](https://github.com/anchore/grype/tree/v0.39.0) (2022-06-09) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.38.0...v0.39.0) + +## Features + +- Support newer versions of 'rpm' that use Sqlite for the db instead of BerkeleyDB [[Issue #469](https://github.com/anchore/syft/issues/469)] + +## Bug Fixes + +- Template errors don't lead to non-zero exit status [[Issue #623](https://github.com/anchore/grype/issues/623)] +- Issues with Grype's handling of template output for invalid templates [[Issue #625](https://github.com/anchore/grype/issues/625)] - Grype reports some critical Vault CVE on itself [[Issue #676](https://github.com/anchore/grype/issues/676)] diff --git a/content/docs/releases/grype/v0.4.0.md b/content/docs/releases/grype/v0.4.0.md index 5d4e5596..649f200c 100644 --- a/content/docs/releases/grype/v0.4.0.md +++ b/content/docs/releases/grype/v0.4.0.md 
@@ -11,20 +11,18 @@ description = "Release notes for grype v0.4.0" Version [v0.4.0](https://github.com/anchore/grype/releases/tag/v0.4.0) -## [v0.4.0](https://github.com/anchore/grype/tree/v0.4.0) (2020-11-12) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.3.0...v0.4.0) - -**Implemented enhancements:** - -- Bump syft from v0.5.1 to v0.7.1 [\#206](https://github.com/anchore/grype/pull/206) ([wagoodman](https://github.com/wagoodman)) -- Add signed and notarized ZIP release asset [\#205](https://github.com/anchore/grype/pull/205) ([luhring](https://github.com/luhring)) - -**Fixed bugs:** - -- Updates for macOS release process [\#201](https://github.com/anchore/grype/pull/201) ([luhring](https://github.com/luhring)) -- Remove darwin target from primary build entry [\#199](https://github.com/anchore/grype/pull/199) ([luhring](https://github.com/luhring)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.4.0](https://github.com/anchore/grype/tree/v0.4.0) (2020-11-12) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.3.0...v0.4.0) + +**Implemented enhancements:** + +- Bump syft from v0.5.1 to v0.7.1 [\#206](https://github.com/anchore/grype/pull/206) ([wagoodman](https://github.com/wagoodman)) +- Add signed and notarized ZIP release asset [\#205](https://github.com/anchore/grype/pull/205) ([luhring](https://github.com/luhring)) + +**Fixed bugs:** + +- Updates for macOS release process [\#201](https://github.com/anchore/grype/pull/201) ([luhring](https://github.com/luhring)) +- Remove darwin target from primary build entry [\#199](https://github.com/anchore/grype/pull/199) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ 
diff --git a/content/docs/releases/grype/v0.40.0.md b/content/docs/releases/grype/v0.40.0.md index dae20be6..c7c3ddc7 100644 --- a/content/docs/releases/grype/v0.40.0.md +++ b/content/docs/releases/grype/v0.40.0.md @@ -17,7 +17,7 @@ Version [v0.40.0](https://github.com/anchore/grype/releases/tag/v0.40.0) ## Added Features -- Be clear about version and data staleness [[Issue #240](https://github.com/anchore/grype/issues/240)] +- Be clear about version and data staleness [[Issue #240](https://github.com/anchore/grype/issues/240)] - Add a dockerized workflow for local dev [[Issue #782](https://github.com/anchore/grype/issues/782)] - Update grype documentation to include golang [[Issue #787](https://github.com/anchore/grype/issues/787)] diff --git a/content/docs/releases/grype/v0.40.1.md b/content/docs/releases/grype/v0.40.1.md index f6e9adc1..4e1966f2 100644 --- a/content/docs/releases/grype/v0.40.1.md +++ b/content/docs/releases/grype/v0.40.1.md @@ -11,14 +11,15 @@ description = "Release notes for grype v0.40.1" Version [v0.40.1](https://github.com/anchore/grype/releases/tag/v0.40.1) -## [v0.40.1](https://github.com/anchore/grype/tree/v0.40.1) (2022-06-24) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.40.0...v0.40.1) - -## Features -- update syft to v0.49.0 [release](https://github.com/anchore/syft/releases/tag/v0.49.0) - -## Bug Fixes - -- grype fixed version cyclonedxjson [[Issue #762](https://github.com/anchore/grype/issues/762)] +## [v0.40.1](https://github.com/anchore/grype/tree/v0.40.1) (2022-06-24) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.40.0...v0.40.1) + +## Features + +- update syft to v0.49.0 [release](https://github.com/anchore/syft/releases/tag/v0.49.0) + +## Bug Fixes + +- grype fixed version cyclonedxjson [[Issue #762](https://github.com/anchore/grype/issues/762)] - Include php in Grype supported languages [[Issue #792](https://github.com/anchore/grype/issues/792)] 
diff --git a/content/docs/releases/grype/v0.41.0.md b/content/docs/releases/grype/v0.41.0.md index a70f3f55..796c947b 100644 --- a/content/docs/releases/grype/v0.41.0.md +++ b/content/docs/releases/grype/v0.41.0.md @@ -11,16 +11,17 @@ description = "Release notes for grype v0.41.0" Version [v0.41.0](https://github.com/anchore/grype/releases/tag/v0.41.0) -## [v0.41.0](https://github.com/anchore/grype/tree/v0.41.0) (2022-07-06) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.40.1...v0.41.0) - -## Features -- Upgrade to a new vulnerability database schema v4 [[PR #803](https://github.com/anchore/grype/commit/44032c514c1fb4e2f60d568a7ef51f894bc404f1)] - -## Bug Fixes - -- Grype Busy Box Vulnerabilities resolved [[Issue #510](https://github.com/anchore/grype/issues/510)] -- Vulnerabilities now reported under php (composer) [[Issue #797](https://github.com/anchore/grype/issues/797)] -- Grype outputs listed properly [[Issue #801](https://github.com/anchore/grype/issues/801)] +## [v0.41.0](https://github.com/anchore/grype/tree/v0.41.0) (2022-07-06) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.40.1...v0.41.0) + +## Features + +- Upgrade to a new vulnerability database schema v4 [[PR #803](https://github.com/anchore/grype/commit/44032c514c1fb4e2f60d568a7ef51f894bc404f1)] + +## Bug Fixes + +- Grype Busy Box Vulnerabilities resolved [[Issue #510](https://github.com/anchore/grype/issues/510)] +- Vulnerabilities now reported under php (composer) [[Issue #797](https://github.com/anchore/grype/issues/797)] +- Grype outputs listed properly [[Issue #801](https://github.com/anchore/grype/issues/801)] - Grype db update command now shows spinner [[Issue #805](https://github.com/anchore/grype/issues/805)] diff --git a/content/docs/releases/grype/v0.43.0.md b/content/docs/releases/grype/v0.43.0.md index 01d2aba0..8e51f531 100644 --- a/content/docs/releases/grype/v0.43.0.md +++ b/content/docs/releases/grype/v0.43.0.md 
@@ -11,15 +11,16 @@ description = "Release notes for grype v0.43.0" Version [v0.43.0](https://github.com/anchore/grype/releases/tag/v0.43.0) -## [v0.43.0](https://github.com/anchore/grype/tree/v0.43.0) (2022-07-18) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.42.0...v0.43.0) - -## Added Features -- Remove matching for main go module matcher [[PR #829](https://github.com/anchore/grype/pull/829)] -- Add --only-notfixed to complete the existing and useful --only-fixed [[Issue #824](https://github.com/anchore/grype/issues/824)] - -## Bug Fixes - -- Cannot concurrently access sqlite DB within a single process [[Issue #155](https://github.com/anchore/grype/issues/155)] +## [v0.43.0](https://github.com/anchore/grype/tree/v0.43.0) (2022-07-18) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.42.0...v0.43.0) + +## Added Features + +- Remove matching for main go module matcher [[PR #829](https://github.com/anchore/grype/pull/829)] +- Add --only-notfixed to complete the existing and useful --only-fixed [[Issue #824](https://github.com/anchore/grype/issues/824)] + +## Bug Fixes + +- Cannot concurrently access sqlite DB within a single process [[Issue #155](https://github.com/anchore/grype/issues/155)] - False positive of CVE-2020-16250 and CVE-2020-16251 [[Issue #712](https://github.com/anchore/grype/issues/712)] diff --git a/content/docs/releases/grype/v0.44.0.md b/content/docs/releases/grype/v0.44.0.md index 67b80f32..bc78787c 100644 --- a/content/docs/releases/grype/v0.44.0.md +++ b/content/docs/releases/grype/v0.44.0.md 
@@ -11,11 +11,11 @@ description = "Release notes for grype v0.44.0" Version [v0.44.0](https://github.com/anchore/grype/releases/tag/v0.44.0) -## [v0.44.0](https://github.com/anchore/grype/tree/v0.44.0) (2022-07-25) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.43.0...v0.44.0) - -## Added Features - -- Filter CPE matches by target SW to reduce FPs [[Issue #390](https://github.com/anchore/grype/issues/390)] +## [v0.44.0](https://github.com/anchore/grype/tree/v0.44.0) (2022-07-25) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.43.0...v0.44.0) + +## Added Features + +- Filter CPE matches by target SW to reduce FPs [[Issue #390](https://github.com/anchore/grype/issues/390)] - Support ARM32 (linux/armv7) architecture [[Issue #595](https://github.com/anchore/grype/issues/595)] diff --git a/content/docs/releases/grype/v0.45.0.md b/content/docs/releases/grype/v0.45.0.md index c1065bd3..eb585f5b 100644 --- a/content/docs/releases/grype/v0.45.0.md +++ b/content/docs/releases/grype/v0.45.0.md 
@@ -11,17 +11,17 @@ description = "Release notes for grype v0.45.0" Version [v0.45.0](https://github.com/anchore/grype/releases/tag/v0.45.0) -## [v0.45.0](https://github.com/anchore/grype/tree/v0.45.0) (2022-08-03) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.44.0...v0.45.0) - -## Added Features - -- Accept simple package list as input [[Issue #516](https://github.com/anchore/grype/issues/516)] -- Request vulnerability data by a single cpe string [[Issue #757](https://github.com/anchore/grype/issues/757)] - -## Bug Fixes - -- grype db diff default case inverted [[Issue #844](https://github.com/anchore/grype/issues/844)] -- Grype slow on parallel execution [[Issue #855](https://github.com/anchore/grype/issues/855)] +## [v0.45.0](https://github.com/anchore/grype/tree/v0.45.0) (2022-08-03) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.44.0...v0.45.0) + +## Added Features + +- Accept simple package list as input [[Issue #516](https://github.com/anchore/grype/issues/516)] +- Request vulnerability data by a single cpe string [[Issue #757](https://github.com/anchore/grype/issues/757)] + +## Bug Fixes + +- grype db diff default case inverted [[Issue #844](https://github.com/anchore/grype/issues/844)] +- Grype slow on parallel execution [[Issue #855](https://github.com/anchore/grype/issues/855)] - Concurrent gyrpe runs result in SQLITE_BUSY error [[Issue #859](https://github.com/anchore/grype/issues/859)] diff --git a/content/docs/releases/grype/v0.46.0.md b/content/docs/releases/grype/v0.46.0.md index d243e623..a068177f 100644 --- a/content/docs/releases/grype/v0.46.0.md +++ b/content/docs/releases/grype/v0.46.0.md 
@@ -11,11 +11,11 @@ description = "Release notes for grype v0.46.0" Version [v0.46.0](https://github.com/anchore/grype/releases/tag/v0.46.0) -## [v0.46.0](https://github.com/anchore/grype/tree/v0.46.0) (2022-08-04) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.45.0...v0.46.0) - -## Added Features - -- ux: db: update: append more information about the next update [[Issue #754](https://github.com/anchore/grype/issues/754)] +## [v0.46.0](https://github.com/anchore/grype/tree/v0.46.0) (2022-08-04) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.45.0...v0.46.0) + +## Added Features + +- ux: db: update: append more information about the next update [[Issue #754](https://github.com/anchore/grype/issues/754)] - update syft to use latest version [[v0.53.4](https://github.com/anchore/syft/releases/tag/v0.53.4)] diff --git a/content/docs/releases/grype/v0.47.0.md b/content/docs/releases/grype/v0.47.0.md index bb2d0db1..8cbc87a1 100644 --- a/content/docs/releases/grype/v0.47.0.md +++ b/content/docs/releases/grype/v0.47.0.md @@ -11,14 +11,14 @@ description = "Release notes for grype v0.47.0" Version [v0.47.0](https://github.com/anchore/grype/releases/tag/v0.47.0) -## [v0.47.0](https://github.com/anchore/grype/tree/v0.47.0) (2022-08-17) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.46.0...v0.47.0) - -## Security - -- Grype v0.46.0 reports a Critical vulnerability CVE-2022-35929 on itself [[Issue #880](https://github.com/anchore/grype/issues/880)] - -## Bug Fixes - +## [v0.47.0](https://github.com/anchore/grype/tree/v0.47.0) (2022-08-17) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.46.0...v0.47.0) + +## Security + +- Grype v0.46.0 reports a Critical vulnerability CVE-2022-35929 on itself [[Issue #880](https://github.com/anchore/grype/issues/880)] + +## Bug Fixes + - `GRYPE_DB_AUTO_UPDATE=false` no longer works [[Issue #870](https://github.com/anchore/grype/issues/870)] 
diff --git a/content/docs/releases/grype/v0.48.0.md b/content/docs/releases/grype/v0.48.0.md index ce17831b..58cb8417 100644 --- a/content/docs/releases/grype/v0.48.0.md +++ b/content/docs/releases/grype/v0.48.0.md @@ -11,14 +11,15 @@ description = "Release notes for grype v0.48.0" Version [v0.48.0](https://github.com/anchore/grype/releases/tag/v0.48.0) -## [v0.48.0](https://github.com/anchore/grype/tree/v0.48.0) (2022-08-24) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.47.0...v0.48.0) - -## Added Features - -- enhancement: add support for `s390x` arch [[Issue #719](https://github.com/anchore/grype/issues/719)] -- More accurate "no OS distribution" messaging [[Issue #748](https://github.com/anchore/grype/issues/748)] - -## Fixed Bugs +## [v0.48.0](https://github.com/anchore/grype/tree/v0.48.0) (2022-08-24) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.47.0...v0.48.0) + +## Added Features + +- enhancement: add support for `s390x` arch [[Issue #719](https://github.com/anchore/grype/issues/719)] +- More accurate "no OS distribution" messaging [[Issue #748](https://github.com/anchore/grype/issues/748)] + +## Fixed Bugs + - disable CPE match filtering based on target software component for java packages [[PR #889](https://github.com/anchore/grype/pull/889)] diff --git a/content/docs/releases/grype/v0.5.0.md b/content/docs/releases/grype/v0.5.0.md index 2e822ca2..c4196a8c 100644 --- a/content/docs/releases/grype/v0.5.0.md +++ b/content/docs/releases/grype/v0.5.0.md 
@@ -11,21 +11,19 @@ description = "Release notes for grype v0.5.0" Version [v0.5.0](https://github.com/anchore/grype/releases/tag/v0.5.0) -## [v0.5.0](https://github.com/anchore/grype/tree/v0.5.0) (2020-11-20) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.4.0...v0.5.0) - -**Implemented enhancements:** - -- Option to use an SBOM input document instead of invoking syft's cataloging functionality [\#196](https://github.com/anchore/grype/issues/196) -- Remove CPE generation \(rely on static CPEa from syft instead\) [\#213](https://github.com/anchore/grype/pull/213) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- can't brew install 0.3.0 on mac [\#203](https://github.com/anchore/grype/issues/203) -- "failed to catalog" error when scanning Python apps [\#200](https://github.com/anchore/grype/issues/200) -- Remove powershell description from completion command [\#211](https://github.com/anchore/grype/pull/211) ([KeisukeYamashita](https://github.com/KeisukeYamashita)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.5.0](https://github.com/anchore/grype/tree/v0.5.0) (2020-11-20) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.4.0...v0.5.0) + +**Implemented enhancements:** + +- Option to use an SBOM input document instead of invoking syft's cataloging functionality [\#196](https://github.com/anchore/grype/issues/196) +- Remove CPE generation \(rely on static CPEa from syft instead\) [\#213](https://github.com/anchore/grype/pull/213) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- can't brew install 0.3.0 on mac [\#203](https://github.com/anchore/grype/issues/203) +- "failed to catalog" error when scanning Python apps [\#200](https://github.com/anchore/grype/issues/200) +- Remove powershell description from completion command [\#211](https://github.com/anchore/grype/pull/211) 
([KeisukeYamashita](https://github.com/KeisukeYamashita)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/grype/v0.50.0.md b/content/docs/releases/grype/v0.50.0.md index ad43e9f3..4546bf7d 100644 --- a/content/docs/releases/grype/v0.50.0.md +++ b/content/docs/releases/grype/v0.50.0.md @@ -11,8 +11,9 @@ description = "Release notes for grype v0.50.0" Version [v0.50.0](https://github.com/anchore/grype/releases/tag/v0.50.0) -[Full Changelog](https://github.com/anchore/grype/compare/v0.49.0...ba73ab362a72b8ed5dc9d25fa86ba64f5eeec44b) - -## Added Features -- 0.49.0 docker image does not support arm64 [[Issue #916](https://github.com/anchore/grype/issues/916)] -- review rpm packages [[Issue #570](https://github.com/anchore/grype/issues/570 +[Full Changelog](https://github.com/anchore/grype/compare/v0.49.0...ba73ab362a72b8ed5dc9d25fa86ba64f5eeec44b) + +## Added Features + +- 0.49.0 docker image does not support arm64 [[Issue #916](https://github.com/anchore/grype/issues/916)] +- review rpm packages [[Issue #570](https://github.com/anchore/grype/issues/570 diff --git a/content/docs/releases/grype/v0.50.1.md b/content/docs/releases/grype/v0.50.1.md index 642c3802..3b583b01 100644 --- a/content/docs/releases/grype/v0.50.1.md +++ b/content/docs/releases/grype/v0.50.1.md @@ -11,8 +11,8 @@ description = "Release notes for grype v0.50.1" Version [v0.50.1](https://github.com/anchore/grype/releases/tag/v0.50.1) -[Full Changelog](https://github.com/anchore/grype/compare/v0.50.0...403a535321c20565676dc633344e2bf8881cee29) - -## Bug Fix - +[Full Changelog](https://github.com/anchore/grype/compare/v0.50.0...403a535321c20565676dc633344e2bf8881cee29) + +## Bug Fix + - Pin syft version to latest release to resolve pseudo version conflict 
diff --git a/content/docs/releases/grype/v0.51.0.md b/content/docs/releases/grype/v0.51.0.md index 2590edf7..f8ba1d19 100644 --- a/content/docs/releases/grype/v0.51.0.md +++ b/content/docs/releases/grype/v0.51.0.md @@ -11,15 +11,16 @@ description = "Release notes for grype v0.51.0" Version [v0.51.0](https://github.com/anchore/grype/releases/tag/v0.51.0) -## [v0.51.0](https://github.com/anchore/grype/tree/v0.51.0) (2022-10-17) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.50.2...4cda526992d5003dcbab68c9a7479a653dfde008) - -## Features -- Upgrade to a new vulnerability database schema v5 [[PR #944](https://github.com/anchore/grype/pull/944)] - -## Bug Fixes - -- Grype is not reporting CVE-2018-1270 [[Issue #237](https://github.com/anchore/grype/issues/237)] -- Grype does not recognize Debian fix for CVE-2022-37434 [[Issue #900](https://github.com/anchore/grype/issues/900)] -- grype cannot be used, because modify syft CycloneDX format json result file. [[Issue #953](https://github.com/anchore/grype/issues/953)] +## [v0.51.0](https://github.com/anchore/grype/tree/v0.51.0) (2022-10-17) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.50.2...4cda526992d5003dcbab68c9a7479a653dfde008) + +## Features + +- Upgrade to a new vulnerability database schema v5 [[PR #944](https://github.com/anchore/grype/pull/944)] + +## Bug Fixes + +- Grype is not reporting CVE-2018-1270 [[Issue #237](https://github.com/anchore/grype/issues/237)] +- Grype does not recognize Debian fix for CVE-2022-37434 [[Issue #900](https://github.com/anchore/grype/issues/900)] +- grype cannot be used, because modify syft CycloneDX format json result file. [[Issue #953](https://github.com/anchore/grype/issues/953)] diff --git a/content/docs/releases/grype/v0.52.0.md b/content/docs/releases/grype/v0.52.0.md index 23d4ca03..7c6d9d9f 100644 --- a/content/docs/releases/grype/v0.52.0.md +++ b/content/docs/releases/grype/v0.52.0.md 
@@ -17,7 +17,7 @@ Version [v0.52.0](https://github.com/anchore/grype/releases/tag/v0.52.0) ## Added Features -- Show all vulnerabilities, even suppressed [[Issue #887](https://github.com/anchore/grype/issues/887)] +- Show all vulnerabilities, even suppressed [[Issue #887](https://github.com/anchore/grype/issues/887)] - Ubuntu: Add as a Vulnerability Specification Source [[Issue #958](https://github.com/anchore/grype/issues/958)] ## Bug Fixes diff --git a/content/docs/releases/grype/v0.53.0.md b/content/docs/releases/grype/v0.53.0.md index 4f303812..cfd6bffa 100644 --- a/content/docs/releases/grype/v0.53.0.md +++ b/content/docs/releases/grype/v0.53.0.md @@ -11,11 +11,11 @@ description = "Release notes for grype v0.53.0" Version [v0.53.0](https://github.com/anchore/grype/releases/tag/v0.53.0) -## [v0.53.0](https://github.com/anchore/grype/tree/v0.53.0) (2022-11-18) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.52.0...v0.53.0) - -## Added Features - -- Enable the Scorecard Github Action and badge [[Issue #926](https://github.com/anchore/grype/issues/926)] +## [v0.53.0](https://github.com/anchore/grype/tree/v0.53.0) (2022-11-18) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.52.0...v0.53.0) + +## Added Features + +- Enable the Scorecard Github Action and badge [[Issue #926](https://github.com/anchore/grype/issues/926)] - Update Grype to use use syft v0.62.0 diff --git a/content/docs/releases/grype/v0.54.0.md b/content/docs/releases/grype/v0.54.0.md index 11faa5da..2de1dfd8 100644 --- a/content/docs/releases/grype/v0.54.0.md +++ b/content/docs/releases/grype/v0.54.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for grype v0.54.0" Version [v0.54.0](https://github.com/anchore/grype/releases/tag/v0.54.0) -## [v0.54.0](https://github.com/anchore/grype/tree/v0.54.0) (2022-12-13) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.53.1...v0.54.0) - -## Added Features - -- reporting the relevant CVE number when GHSA is reported [[Issue #204](https://github.com/anchore/grype/issues/204)] -- Add official support for ppc64le [[Issue #404](https://github.com/anchore/grype/issues/404)] - -## Bug Fixes - -- False positive: redis vuln associated to somewhat unrelated python dependency [[Issue #491](https://github.com/anchore/grype/issues/491)] -- False flagging [[Issue #800](https://github.com/anchore/grype/issues/800)] -- grype db update error [[Issue #846](https://github.com/anchore/grype/issues/846)] +## [v0.54.0](https://github.com/anchore/grype/tree/v0.54.0) (2022-12-13) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.53.1...v0.54.0) + +## Added Features + +- reporting the relevant CVE number when GHSA is reported [[Issue #204](https://github.com/anchore/grype/issues/204)] +- Add official support for ppc64le [[Issue #404](https://github.com/anchore/grype/issues/404)] + +## Bug Fixes + +- False positive: redis vuln associated to somewhat unrelated python dependency [[Issue #491](https://github.com/anchore/grype/issues/491)] +- False flagging [[Issue #800](https://github.com/anchore/grype/issues/800)] +- grype db update error [[Issue #846](https://github.com/anchore/grype/issues/846)] - Grype debug image no longer contains busybox [[Issue #1010](https://github.com/anchore/grype/issues/1010)] diff --git a/content/docs/releases/grype/v0.55.0.md b/content/docs/releases/grype/v0.55.0.md index 1d7024d6..1f509d35 100644 --- a/content/docs/releases/grype/v0.55.0.md +++ b/content/docs/releases/grype/v0.55.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for grype v0.55.0" Version [v0.55.0](https://github.com/anchore/grype/releases/tag/v0.55.0) -## [v0.55.0](https://github.com/anchore/grype/tree/v0.55.0) (2023-01-04) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.54.0...v0.55.0) - -## Added Features - -- add documentation about air gap installation support [[Issue #509](https://github.com/anchore/grype/issues/509)] -- Include Syft's cyclonedx component properties in Grype output [[Issue #951](https://github.com/anchore/grype/issues/951)] - -## Bug Fixes - -- OWASP dependency track is not listing vulnerabilities (cyclone dx format) from grype , syft is working however [[Issue #796](https://github.com/anchore/grype/issues/796)] -- Failure scanning images with arch variant (e.g. `arm/v7`) [[Issue #831](https://github.com/anchore/grype/issues/831)] -- Unnecessarily escaped output in CycloneDX [[Issue #959](https://github.com/anchore/grype/issues/959)] +## [v0.55.0](https://github.com/anchore/grype/tree/v0.55.0) (2023-01-04) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.54.0...v0.55.0) + +## Added Features + +- add documentation about air gap installation support [[Issue #509](https://github.com/anchore/grype/issues/509)] +- Include Syft's cyclonedx component properties in Grype output [[Issue #951](https://github.com/anchore/grype/issues/951)] + +## Bug Fixes + +- OWASP dependency track is not listing vulnerabilities (cyclone dx format) from grype , syft is working however [[Issue #796](https://github.com/anchore/grype/issues/796)] +- Failure scanning images with arch variant (e.g. `arm/v7`) [[Issue #831](https://github.com/anchore/grype/issues/831)] +- Unnecessarily escaped output in CycloneDX [[Issue #959](https://github.com/anchore/grype/issues/959)] - SBOM cataloger and ownership-by-file-overlap relationships for packages [[Issue #1044](https://github.com/anchore/grype/issues/1044)] 
diff --git a/content/docs/releases/grype/v0.56.0.md b/content/docs/releases/grype/v0.56.0.md index 26814b08..7ad7833d 100644 --- a/content/docs/releases/grype/v0.56.0.md +++ b/content/docs/releases/grype/v0.56.0.md @@ -11,15 +11,15 @@ description = "Release notes for grype v0.56.0" Version [v0.56.0](https://github.com/anchore/grype/releases/tag/v0.56.0) -## [v0.56.0](https://github.com/anchore/grype/tree/v0.56.0) (2023-01-26) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.55.0...v0.56.0) - -## Added Features - -- Allow db diff to specify local files [[Issue #1059](https://github.com/anchore/grype/issues/1059)] [[PR #1058](https://github.com/anchore/grype/pull/1058)] [[kzantow](https://github.com/kzantow)] - -## Bug Fixes - -- False positive CVE-2015-5237 for protobuf-go [[Issue #558](https://github.com/anchore/grype/issues/558)] [[PR #1062](https://github.com/anchore/grype/pull/1062)] [[luhring](https://github.com/luhring)] +## [v0.56.0](https://github.com/anchore/grype/tree/v0.56.0) (2023-01-26) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.55.0...v0.56.0) + +## Added Features + +- Allow db diff to specify local files [[Issue #1059](https://github.com/anchore/grype/issues/1059)] [[PR #1058](https://github.com/anchore/grype/pull/1058)] [[kzantow](https://github.com/kzantow)] + +## Bug Fixes + +- False positive CVE-2015-5237 for protobuf-go [[Issue #558](https://github.com/anchore/grype/issues/558)] [[PR #1062](https://github.com/anchore/grype/pull/1062)] [[luhring](https://github.com/luhring)] - Missing severities in embedded-cyclonedx-vex-json format since v0.55.0 [[Issue #1066](https://github.com/anchore/grype/issues/1066)] [[PR #1067](https://github.com/anchore/grype/pull/1067)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/grype/v0.57.0.md b/content/docs/releases/grype/v0.57.0.md index 5f530895..fffa6a5a 100644 --- a/content/docs/releases/grype/v0.57.0.md 
+++ b/content/docs/releases/grype/v0.57.0.md 
@@ -11,20 +11,21 @@ description = "Release notes for grype v0.57.0" Version [v0.57.0](https://github.com/anchore/grype/releases/tag/v0.57.0) -## Updates -- Update to latest syft for faster indexing and SBOM generation when consuming source and not using the SBOM as an input - -[Full Changelog](https://github.com/anchore/grype/compare/v0.56.0...v0.57.0) - -## Bug Fixes - -- regression: Grype 0.54.0 does not find vulnerabilities in Nodejs runtime itself anymore [[Issue #1043](https://github.com/anchore/grype/issues/1043)] - -## Additional Changes - -- bump yardstick to 2d30ea7429d0a59020e0176bba1b3b6b8b01b08a [[PR #1095](https://github.com/anchore/grype/pull/1095)] [[wagoodman](https://github.com/wagoodman)] -- chore: prune cosign dependency for grype builds [[PR #1100](https://github.com/anchore/grype/pull/1100)] [[spiffcs](https://github.com/spiffcs)] -- chore: bump yardstick for better quality gate filtering [[PR #1101](https://github.com/anchore/grype/pull/1101)] [[westonsteimel](https://github.com/westonsteimel)] -- chore: add new images to quality gate [[PR #1106](https://github.com/anchore/grype/pull/1106)] [[westonsteimel](https://github.com/westonsteimel)] -- fix: exclude OS packages from CPE target filtering [[PR #1130](https://github.com/anchore/grype/pull/1130)] [[westonsteimel](https://github.com/westonsteimel)] +## Updates + +- Update to latest syft for faster indexing and SBOM generation when consuming source and not using the SBOM as an input + +[Full Changelog](https://github.com/anchore/grype/compare/v0.56.0...v0.57.0) + +## Bug Fixes + +- regression: Grype 0.54.0 does not find vulnerabilities in Nodejs runtime itself anymore [[Issue #1043](https://github.com/anchore/grype/issues/1043)] + +## Additional Changes + +- bump yardstick to 2d30ea7429d0a59020e0176bba1b3b6b8b01b08a [[PR #1095](https://github.com/anchore/grype/pull/1095)] [[wagoodman](https://github.com/wagoodman)] +- chore: prune cosign dependency for grype builds [[PR 
#1100](https://github.com/anchore/grype/pull/1100)] [[spiffcs](https://github.com/spiffcs)] +- chore: bump yardstick for better quality gate filtering [[PR #1101](https://github.com/anchore/grype/pull/1101)] [[westonsteimel](https://github.com/westonsteimel)] +- chore: add new images to quality gate [[PR #1106](https://github.com/anchore/grype/pull/1106)] [[westonsteimel](https://github.com/westonsteimel)] +- fix: exclude OS packages from CPE target filtering [[PR #1130](https://github.com/anchore/grype/pull/1130)] [[westonsteimel](https://github.com/westonsteimel)] - fix: ignore some false-positives for ruby gems [[PR #1132](https://github.com/anchore/grype/pull/1132)] [[westonsteimel](https://github.com/westonsteimel)] diff --git a/content/docs/releases/grype/v0.6.0.md b/content/docs/releases/grype/v0.6.0.md index f1b31703..6b371d2c 100644 --- a/content/docs/releases/grype/v0.6.0.md +++ b/content/docs/releases/grype/v0.6.0.md 
@@ -11,17 +11,16 @@ description = "Release notes for grype v0.6.0" Version [v0.6.0](https://github.com/anchore/grype/releases/tag/v0.6.0) -## [v0.6.0](https://github.com/anchore/grype/tree/v0.6.0) (2020-12-03) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.5.0...v0.6.0) - -**Implemented enhancements:** - -- Update syft from 0.8.1 to 0.9.2 [\#217](https://github.com/anchore/grype/pull/217) ([luhring](https://github.com/luhring)) - -**Fixed bugs:** - -- False negatives in finding CVEs in jar files [\#209](https://github.com/anchore/grype/issues/209) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.6.0](https://github.com/anchore/grype/tree/v0.6.0) (2020-12-03) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.5.0...v0.6.0) + +**Implemented enhancements:** + +- Update syft from 0.8.1 to 0.9.2 [\#217](https://github.com/anchore/grype/pull/217) ([luhring](https://github.com/luhring)) + +**Fixed bugs:** + +- False negatives in finding CVEs in jar files [\#209](https://github.com/anchore/grype/issues/209) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/grype/v0.6.1.md b/content/docs/releases/grype/v0.6.1.md index 9a9e1582..0fcfec9f 100644 --- a/content/docs/releases/grype/v0.6.1.md +++ b/content/docs/releases/grype/v0.6.1.md 
@@ -11,14 +11,12 @@ description = "Release notes for grype v0.6.1" Version [v0.6.1](https://github.com/anchore/grype/releases/tag/v0.6.1) -## [v0.6.1](https://github.com/anchore/grype/tree/v0.6.1) (2020-12-08) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.6.0...v0.6.1) - -**Fixed bugs:** - -- UBI-based images do not generate any vulnerabilities [\#221](https://github.com/anchore/grype/issues/221) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.6.1](https://github.com/anchore/grype/tree/v0.6.1) (2020-12-08) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.6.0...v0.6.1) + +**Fixed bugs:** + +- UBI-based images do not generate any vulnerabilities [\#221](https://github.com/anchore/grype/issues/221) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/grype/v0.60.0.md b/content/docs/releases/grype/v0.60.0.md index a83c4092..453f4949 100644 --- a/content/docs/releases/grype/v0.60.0.md +++ b/content/docs/releases/grype/v0.60.0.md 
@@ -11,14 +11,14 @@ description = "Release notes for grype v0.60.0" Version [v0.60.0](https://github.com/anchore/grype/releases/tag/v0.60.0) -## [v0.60.0](https://github.com/anchore/grype/tree/v0.60.0) (2023-03-28) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.59.1...v0.60.0) - -## Added Features - -- feat: disable CPE-based matching by default for javascript [[PR #1180](https://github.com/anchore/grype/pull/1180)] [[westonsteimel](https://github.com/westonsteimel)] - -## Additional Changes - +## [v0.60.0](https://github.com/anchore/grype/tree/v0.60.0) (2023-03-28) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.59.1...v0.60.0) + +## Added Features + +- feat: disable CPE-based matching by default for javascript [[PR #1180](https://github.com/anchore/grype/pull/1180)] [[westonsteimel](https://github.com/westonsteimel)] + +## Additional Changes + - Improve --by-cve report performance [[Issue #1185](https://github.com/anchore/grype/issues/1185)] [[PR #1188](https://github.com/anchore/grype/pull/1188)] [[westonsteimel](https://github.com/westonsteimel)] diff --git a/content/docs/releases/grype/v0.61.0.md b/content/docs/releases/grype/v0.61.0.md index c347e9ce..9fb8f86d 100644 --- a/content/docs/releases/grype/v0.61.0.md +++ b/content/docs/releases/grype/v0.61.0.md 
@@ -11,16 +11,16 @@ description = "Release notes for grype v0.61.0" Version [v0.61.0](https://github.com/anchore/grype/releases/tag/v0.61.0) -## [v0.61.0](https://github.com/anchore/grype/tree/v0.61.0) (2023-04-04) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.60.0...v0.61.0) - -## Added Features - -- feat: Add config option to prefer registry over local Docker when scanning an image [[Issue #1204](https://github.com/anchore/grype/issues/1204)] [[PR #1215](https://github.com/anchore/grype/pull/1215)] [[spiffcs](https://github.com/spiffcs)] - -## Additional Changes - -- chore: update quality gate dataset [[PR #1206](https://github.com/anchore/grype/pull/1206)] [[westonsteimel](https://github.com/westonsteimel)] -- chore: update deprecated set-output calls [[PR #1210](https://github.com/anchore/grype/pull/1210)] [[kzantow](https://github.com/kzantow)] +## [v0.61.0](https://github.com/anchore/grype/tree/v0.61.0) (2023-04-04) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.60.0...v0.61.0) + +## Added Features + +- feat: Add config option to prefer registry over local Docker when scanning an image [[Issue #1204](https://github.com/anchore/grype/issues/1204)] [[PR #1215](https://github.com/anchore/grype/pull/1215)] [[spiffcs](https://github.com/spiffcs)] + +## Additional Changes + +- chore: update quality gate dataset [[PR #1206](https://github.com/anchore/grype/pull/1206)] [[westonsteimel](https://github.com/westonsteimel)] +- chore: update deprecated set-output calls [[PR #1210](https://github.com/anchore/grype/pull/1210)] [[kzantow](https://github.com/kzantow)] - chore: update syft [[PR #1211](https://github.com/anchore/grype/pull/1211)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/grype/v0.61.1.md b/content/docs/releases/grype/v0.61.1.md index c1ec3e4c..561d2e2e 100644 --- a/content/docs/releases/grype/v0.61.1.md +++ b/content/docs/releases/grype/v0.61.1.md 
@@ -17,8 +17,8 @@ Version [v0.61.1](https://github.com/anchore/grype/releases/tag/v0.61.1) ## Bug Fixes -- :grey_question: Parsing dpkg status: extracting key-value from line: usr/lib/os-release err: cannot parse field [[Issue #1195](https://github.com/anchore/grype/issues/1195)] -- Grype suggesting to upgrade to a version already used. [[Issue #1209](https://github.com/anchore/grype/issues/1209)] +- :grey_question: Parsing dpkg status: extracting key-value from line: usr/lib/os-release err: cannot parse field [[Issue #1195](https://github.com/anchore/grype/issues/1195)] +- Grype suggesting to upgrade to a version already used. [[Issue #1209](https://github.com/anchore/grype/issues/1209)] ## Additional Changes diff --git a/content/docs/releases/grype/v0.62.0.md b/content/docs/releases/grype/v0.62.0.md index 5c418e02..46c7da85 100644 --- a/content/docs/releases/grype/v0.62.0.md +++ b/content/docs/releases/grype/v0.62.0.md 
@@ -11,29 +11,29 @@ description = "Release notes for grype v0.62.0" Version [v0.62.0](https://github.com/anchore/grype/releases/tag/v0.62.0) -## [v0.62.0](https://github.com/anchore/grype/tree/v0.62.0) (2023-05-22) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.61.1...v0.62.0) - -## Added Features - -- Add package qualifier for platform CPE [[PR #1291](https://github.com/anchore/grype/pull/1291)] [[westonsteimel](https://github.com/westonsteimel)] -- Include timestamp and image name in reports [[Issue #1170](https://github.com/anchore/grype/issues/1170)] [[PR #1249](https://github.com/anchore/grype/pull/1249)] [[jneate](https://github.com/jneate)] -- Document command line flag for config file location [[Issue #1271](https://github.com/anchore/grype/issues/1271)] [[PR #1274](https://github.com/anchore/grype/pull/1274)] [[jneate](https://github.com/jneate)] -- Add support for Mariner distribution [[Issue #1220](https://github.com/anchore/grype/issues/1220)] -- Add support for Syft IDs in JSON output [[PR #1266](https://github.com/anchore/grype/pull/1266)] [[luhring](https://github.com/luhring)] - -## Bug Fixes - -- False positive with pkg:rpm PURLs [[Issue #1031](https://github.com/anchore/grype/issues/1031)] [[PR #1237](https://github.com/anchore/grype/pull/1237)] [[Shanedell](https://github.com/Shanedell)] -- Specifying "extras" in pip / requirements.txt results in false negative [[Issue #1246](https://github.com/anchore/grype/issues/1246)] -- CycloneDX dependencies relationships inverted [[Issue #1294](https://github.com/anchore/grype/issues/1294)] - -## Additional Changes - -- docs: add "cyclonedx-json" to output formats [[PR #1252](https://github.com/anchore/grype/pull/1252)] [[HNKNTA](https://github.com/HNKNTA)] -- chore: update quality gate labels and add keycloak [[PR #1255](https://github.com/anchore/grype/pull/1255)] [[westonsteimel](https://github.com/westonsteimel)] -- Install skopeo during bootstrap [[PR 
#1260](https://github.com/anchore/grype/pull/1260)] [[willmurphyscode](https://github.com/willmurphyscode)] -- Replace deprecated io/ioutil calls [[PR #1296](https://github.com/anchore/grype/pull/1296)] [[testwill](https://github.com/testwill)] -- Fix reading syft json from stdin by redirect [[PR #1299](https://github.com/anchore/grype/pull/1299)] [[devfbe](https://github.com/devfbe)] +## [v0.62.0](https://github.com/anchore/grype/tree/v0.62.0) (2023-05-22) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.61.1...v0.62.0) + +## Added Features + +- Add package qualifier for platform CPE [[PR #1291](https://github.com/anchore/grype/pull/1291)] [[westonsteimel](https://github.com/westonsteimel)] +- Include timestamp and image name in reports [[Issue #1170](https://github.com/anchore/grype/issues/1170)] [[PR #1249](https://github.com/anchore/grype/pull/1249)] [[jneate](https://github.com/jneate)] +- Document command line flag for config file location [[Issue #1271](https://github.com/anchore/grype/issues/1271)] [[PR #1274](https://github.com/anchore/grype/pull/1274)] [[jneate](https://github.com/jneate)] +- Add support for Mariner distribution [[Issue #1220](https://github.com/anchore/grype/issues/1220)] +- Add support for Syft IDs in JSON output [[PR #1266](https://github.com/anchore/grype/pull/1266)] [[luhring](https://github.com/luhring)] + +## Bug Fixes + +- False positive with pkg:rpm PURLs [[Issue #1031](https://github.com/anchore/grype/issues/1031)] [[PR #1237](https://github.com/anchore/grype/pull/1237)] [[Shanedell](https://github.com/Shanedell)] +- Specifying "extras" in pip / requirements.txt results in false negative [[Issue #1246](https://github.com/anchore/grype/issues/1246)] +- CycloneDX dependencies relationships inverted [[Issue #1294](https://github.com/anchore/grype/issues/1294)] + +## Additional Changes + +- docs: add "cyclonedx-json" to output formats [[PR #1252](https://github.com/anchore/grype/pull/1252)] 
[[HNKNTA](https://github.com/HNKNTA)] +- chore: update quality gate labels and add keycloak [[PR #1255](https://github.com/anchore/grype/pull/1255)] [[westonsteimel](https://github.com/westonsteimel)] +- Install skopeo during bootstrap [[PR #1260](https://github.com/anchore/grype/pull/1260)] [[willmurphyscode](https://github.com/willmurphyscode)] +- Replace deprecated io/ioutil calls [[PR #1296](https://github.com/anchore/grype/pull/1296)] [[testwill](https://github.com/testwill)] +- Fix reading syft json from stdin by redirect [[PR #1299](https://github.com/anchore/grype/pull/1299)] [[devfbe](https://github.com/devfbe)] - Add gitignore for default build target [[PR #1305](https://github.com/anchore/grype/pull/1305)] [[testwill](https://github.com/testwill)] diff --git a/content/docs/releases/grype/v0.62.1.md b/content/docs/releases/grype/v0.62.1.md index 51debe89..6ba09091 100644 --- a/content/docs/releases/grype/v0.62.1.md +++ b/content/docs/releases/grype/v0.62.1.md @@ -11,11 +11,10 @@ description = "Release notes for grype v0.62.1" Version [v0.62.1](https://github.com/anchore/grype/releases/tag/v0.62.1) -## [v0.62.1](https://github.com/anchore/grype/tree/v0.62.1) (2023-05-24) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.62.0...v0.62.1) - - -## Bug Fixes - -- Updated syft to v0.82.0 to address license parsing logic that may result in a panic [[PR #1313](https://github.com/anchore/grype/pull/1313)] +## [v0.62.1](https://github.com/anchore/grype/tree/v0.62.1) (2023-05-24) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.62.0...v0.62.1) + +## Bug Fixes + +- Updated syft to v0.82.0 to address license parsing logic that may result in a panic [[PR #1313](https://github.com/anchore/grype/pull/1313)] diff --git a/content/docs/releases/grype/v0.62.3.md b/content/docs/releases/grype/v0.62.3.md index 0757c39f..c768fabc 100644 --- a/content/docs/releases/grype/v0.62.3.md +++ b/content/docs/releases/grype/v0.62.3.md 
@@ -11,11 +11,11 @@ description = "Release notes for grype v0.62.3" Version [v0.62.3](https://github.com/anchore/grype/releases/tag/v0.62.3) -## [v0.62.3](https://github.com/anchore/grype/tree/v0.62.3) (2023-06-05) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.62.2...v0.62.3) - -## Bug Fixes - -- Suppressed vulnerabilties are now correctly hidden, unless the --show-suppressed option is provided. -[[Issue #1053](https://github.com/anchore/grype/issues/1053)] [[Issue #1278](https://github.com/anchore/grype/issues/1278)] [[PR #1322](https://github.com/anchore/grype/pull/1322)] [[jamestran201](https://github.com/jamestran201)] +## [v0.62.3](https://github.com/anchore/grype/tree/v0.62.3) (2023-06-05) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.62.2...v0.62.3) + +## Bug Fixes + +- Suppressed vulnerabilties are now correctly hidden, unless the --show-suppressed option is provided. + [[Issue #1053](https://github.com/anchore/grype/issues/1053)] [[Issue #1278](https://github.com/anchore/grype/issues/1278)] [[PR #1322](https://github.com/anchore/grype/pull/1322)] [[jamestran201](https://github.com/jamestran201)] diff --git a/content/docs/releases/grype/v0.63.0.md b/content/docs/releases/grype/v0.63.0.md index 34b65308..702079ff 100644 --- a/content/docs/releases/grype/v0.63.0.md +++ b/content/docs/releases/grype/v0.63.0.md 
@@ -11,16 +11,16 @@ description = "Release notes for grype v0.63.0" Version [v0.63.0](https://github.com/anchore/grype/releases/tag/v0.63.0) -## [v0.63.0](https://github.com/anchore/grype/tree/v0.63.0) (2023-06-21) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.62.3...v0.63.0) - -## Added Features - -- Always include the specific package name and version used in the vulnerability search in the matchDetails section of the output [[PR #1339](https://github.com/anchore/grype/pull/1339)] [[westonsteimel](https://github.com/westonsteimel)] -- Expose Go template file that produces the table report [[Issue #629](https://github.com/anchore/grype/issues/629)] [[PR #1343](https://github.com/anchore/grype/pull/1343)] [[jneate](https://github.com/jneate)] -- Add a folder for community Go templates (see templates/README.md for more details) [[Issue #1316](https://github.com/anchore/grype/issues/1316)] - -## Breaking Changes - +## [v0.63.0](https://github.com/anchore/grype/tree/v0.63.0) (2023-06-21) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.62.3...v0.63.0) + +## Added Features + +- Always include the specific package name and version used in the vulnerability search in the matchDetails section of the output [[PR #1339](https://github.com/anchore/grype/pull/1339)] [[westonsteimel](https://github.com/westonsteimel)] +- Expose Go template file that produces the table report [[Issue #629](https://github.com/anchore/grype/issues/629)] [[PR #1343](https://github.com/anchore/grype/pull/1343)] [[jneate](https://github.com/jneate)] +- Add a folder for community Go templates (see templates/README.md for more details) [[Issue #1316](https://github.com/anchore/grype/issues/1316)] + +## Breaking Changes + - update Syft to v0.84.0: stereoscope platform fix and artifact ID padding [[PR #1354](https://github.com/anchore/grype/pull/1354)] [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] 
diff --git a/content/docs/releases/grype/v0.64.0.md b/content/docs/releases/grype/v0.64.0.md
index ef8ff9b1..569718fe 100644
--- a/content/docs/releases/grype/v0.64.0.md
+++ b/content/docs/releases/grype/v0.64.0.md
@@ -11,20 +11,20 @@ description = "Release notes for grype v0.64.0" Version [v0.64.0](https://github.com/anchore/grype/releases/tag/v0.64.0) -## [v0.64.0](https://github.com/anchore/grype/tree/v0.64.0) (2023-07-13) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.63.1...v0.64.0) - -## Added Features - -- You can now list multiple output formats and files to write to disk with one command, like Syft: "-o format1=file1 -o format1=file2" [[Issue #648](https://github.com/anchore/grype/issues/648)] [[PR #1346](https://github.com/anchore/grype/pull/1346)] [[olivierboudet](https://github.com/olivierboudet)] - -## Bug Fixes - -- Correctly detect format of CycloneDX XML SBOM with no components [[Issue #1005](https://github.com/anchore/grype/issues/1005)] -- Fix vulnerability summary counts to be less confusing. [[Issue #1360](https://github.com/anchore/grype/issues/1360)] - -## Additional Changes - -- Port to new Syft source API [[PR #1376](https://github.com/anchore/grype/pull/1376)] [[wagoodman](https://github.com/wagoodman)] +## [v0.64.0](https://github.com/anchore/grype/tree/v0.64.0) (2023-07-13) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.63.1...v0.64.0) + +## Added Features + +- You can now list multiple output formats and files to write to disk with one command, like Syft: "-o format1=file1 -o format1=file2" [[Issue #648](https://github.com/anchore/grype/issues/648)] [[PR #1346](https://github.com/anchore/grype/pull/1346)] [[olivierboudet](https://github.com/olivierboudet)] + +## Bug Fixes + +- Correctly detect format of CycloneDX XML SBOM with no components [[Issue #1005](https://github.com/anchore/grype/issues/1005)] +- Fix vulnerability summary counts to be less confusing. [[Issue #1360](https://github.com/anchore/grype/issues/1360)] + +## Additional Changes + +- Port to new Syft source API [[PR #1376](https://github.com/anchore/grype/pull/1376)] [[wagoodman](https://github.com/wagoodman)] - Include Syft 0.85.0 
diff --git a/content/docs/releases/grype/v0.64.1.md b/content/docs/releases/grype/v0.64.1.md index a2d06968..a3bcc21a 100644 --- a/content/docs/releases/grype/v0.64.1.md +++ b/content/docs/releases/grype/v0.64.1.md @@ -11,14 +11,14 @@ description = "Release notes for grype v0.64.1" Version [v0.64.1](https://github.com/anchore/grype/releases/tag/v0.64.1) -## [v0.64.1](https://github.com/anchore/grype/tree/v0.64.1) (2023-07-17) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.64.0...v0.64.1) - -## Bug Fixes - -- stop truncating template files [Issue #1388](https://github.com/anchore/grype/issues/1388) [PR #1391](https://github.com/anchore/grype/pull/1391) [willmurphyscode](https://github.com/willmurphyscode) - -## Additional Changes - +## [v0.64.1](https://github.com/anchore/grype/tree/v0.64.1) (2023-07-17) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.64.0...v0.64.1) + +## Bug Fixes + +- stop truncating template files [Issue #1388](https://github.com/anchore/grype/issues/1388) [PR #1391](https://github.com/anchore/grype/pull/1391) [willmurphyscode](https://github.com/willmurphyscode) + +## Additional Changes + - Port UI to bubbletea [[PR #1385](https://github.com/anchore/grype/pull/1385)] [[wagoodman](https://github.com/wagoodman)] diff --git a/content/docs/releases/grype/v0.64.2.md b/content/docs/releases/grype/v0.64.2.md index ec5edb96..423dbbe6 100644 --- a/content/docs/releases/grype/v0.64.2.md +++ b/content/docs/releases/grype/v0.64.2.md 
@@ -11,10 +11,10 @@ description = "Release notes for grype v0.64.2" Version [v0.64.2](https://github.com/anchore/grype/releases/tag/v0.64.2) -## [v0.64.2](https://github.com/anchore/grype/tree/v0.64.2) (2023-07-20) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.64.1...v0.64.2) - -## Bug Fixes - +## [v0.64.2](https://github.com/anchore/grype/tree/v0.64.2) (2023-07-20) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.64.1...v0.64.2) + +## Bug Fixes + - grype 0.64.0 doesn't list vulnerabilties if `--fail-on` fails [[Issue #1392](https://github.com/anchore/grype/issues/1392)] [[PR #1395](https://github.com/anchore/grype/pull/1395)] [[willmurphyscode](https://github.com/willmurphyscode)] diff --git a/content/docs/releases/grype/v0.65.1.md b/content/docs/releases/grype/v0.65.1.md index 60d90449..cd28cacb 100644 --- a/content/docs/releases/grype/v0.65.1.md +++ b/content/docs/releases/grype/v0.65.1.md @@ -11,7 +11,7 @@ description = "Release notes for grype v0.65.1" Version [v0.65.1](https://github.com/anchore/grype/releases/tag/v0.65.1) -# +# ## [v0.65.1](https://github.com/anchore/grype/tree/v0.65.1) (2023-08-04) diff --git a/content/docs/releases/grype/v0.65.2.md b/content/docs/releases/grype/v0.65.2.md index 08fd320e..a24c1260 100644 --- a/content/docs/releases/grype/v0.65.2.md +++ b/content/docs/releases/grype/v0.65.2.md 
@@ -11,14 +11,14 @@ description = "Release notes for grype v0.65.2" Version [v0.65.2](https://github.com/anchore/grype/releases/tag/v0.65.2) -# - -## [v0.65.2](https://github.com/anchore/grype/tree/v0.65.2) (2023-08-17) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.65.1...v0.65.2) - -## Additional Changes - -- Update Syft to v0.87.1 -- Add a simple JUnit XML template [[PR #1422](https://github.com/anchore/grype/pull/1422)] [[YevheniiPokhvalii](https://github.com/YevheniiPokhvalii)] +# + +## [v0.65.2](https://github.com/anchore/grype/tree/v0.65.2) (2023-08-17) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.65.1...v0.65.2) + +## Additional Changes + +- Update Syft to v0.87.1 +- Add a simple JUnit XML template [[PR #1422](https://github.com/anchore/grype/pull/1422)] [[YevheniiPokhvalii](https://github.com/YevheniiPokhvalii)] - Update semver regular expression constraint to allow for 1.20rc1 cases no '-' [[PR #1434](https://github.com/anchore/grype/pull/1434)] [[spiffcs](https://github.com/spiffcs)] diff --git a/content/docs/releases/grype/v0.66.0.md b/content/docs/releases/grype/v0.66.0.md index 316e4622..9dec0600 100644 --- a/content/docs/releases/grype/v0.66.0.md +++ b/content/docs/releases/grype/v0.66.0.md 
@@ -11,24 +11,24 @@ description = "Release notes for grype v0.66.0" Version [v0.66.0](https://github.com/anchore/grype/releases/tag/v0.66.0) -# - -## [v0.66.0](https://github.com/anchore/grype/tree/v0.66.0) (2023-08-31) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.65.2...v0.66.0) - -## Added Features - -- Allow for access to private CAs securely [[Issue #1226](https://github.com/anchore/grype/issues/1226)] [[PR #1232](https://github.com/anchore/grype/pull/1232)] [[5p2O5pe25ouT](https://github.com/5p2O5pe25ouT)] -- Filter out packages that are owned by OS packages (ownership overlap) [[Issue #1373](https://github.com/anchore/grype/issues/1373)] [[PR #1387](https://github.com/anchore/grype/pull/1387)] [[willmurphyscode](https://github.com/willmurphyscode)] - -## Bug Fixes - -- fix: Only remove packages by binary overlap [[PR #1444](https://github.com/anchore/grype/pull/1444)] [[willmurphyscode](https://github.com/willmurphyscode)] -- New version notice only showing the version and no text [[PR #1445](https://github.com/anchore/grype/pull/1445)] [[wagoodman](https://github.com/wagoodman)] -- fix: set correct default to exclude overlapping binaries [[PR #1452](https://github.com/anchore/grype/pull/1452)] [[kzantow](https://github.com/kzantow)] -- Portage version comparison is not working [[Issue #1459](https://github.com/anchore/grype/issues/1459)] [[PR #1468](https://github.com/anchore/grype/pull/1468)] [[barnuri](https://github.com/barnuri)] - -## Additional Changes - +# + +## [v0.66.0](https://github.com/anchore/grype/tree/v0.66.0) (2023-08-31) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.65.2...v0.66.0) + +## Added Features + +- Allow for access to private CAs securely [[Issue #1226](https://github.com/anchore/grype/issues/1226)] [[PR #1232](https://github.com/anchore/grype/pull/1232)] [[5p2O5pe25ouT](https://github.com/5p2O5pe25ouT)] +- Filter out packages that are owned by OS packages (ownership overlap) [[Issue 
#1373](https://github.com/anchore/grype/issues/1373)] [[PR #1387](https://github.com/anchore/grype/pull/1387)] [[willmurphyscode](https://github.com/willmurphyscode)] + +## Bug Fixes + +- fix: Only remove packages by binary overlap [[PR #1444](https://github.com/anchore/grype/pull/1444)] [[willmurphyscode](https://github.com/willmurphyscode)] +- New version notice only showing the version and no text [[PR #1445](https://github.com/anchore/grype/pull/1445)] [[wagoodman](https://github.com/wagoodman)] +- fix: set correct default to exclude overlapping binaries [[PR #1452](https://github.com/anchore/grype/pull/1452)] [[kzantow](https://github.com/kzantow)] +- Portage version comparison is not working [[Issue #1459](https://github.com/anchore/grype/issues/1459)] [[PR #1468](https://github.com/anchore/grype/pull/1468)] [[barnuri](https://github.com/barnuri)] + +## Additional Changes + - Update Syft to 0.89.0 diff --git a/content/docs/releases/grype/v0.67.0.md b/content/docs/releases/grype/v0.67.0.md index 78686f27..c7cf8c23 100644 --- a/content/docs/releases/grype/v0.67.0.md +++ b/content/docs/releases/grype/v0.67.0.md @@ -11,7 +11,7 @@ description = "Release notes for grype v0.67.0" Version [v0.67.0](https://github.com/anchore/grype/releases/tag/v0.67.0) -# +# ## [v0.67.0](https://github.com/anchore/grype/tree/v0.67.0) (2023-09-11) diff --git a/content/docs/releases/grype/v0.68.0.md b/content/docs/releases/grype/v0.68.0.md index 67b2717c..c23b1f60 100644 --- a/content/docs/releases/grype/v0.68.0.md +++ b/content/docs/releases/grype/v0.68.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for grype v0.68.0" Version [v0.68.0](https://github.com/anchore/grype/releases/tag/v0.68.0) -# - -## [v0.68.0](https://github.com/anchore/grype/tree/v0.68.0) (2023-09-14) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.67.0...v0.68.0) - -## Added Features - -- Ignore/add match results based on OpenVEX documents [[PR #1397](https://github.com/anchore/grype/pull/1397)] [[puerco](https://github.com/puerco)] -- Introduce exit code failure option for db update check [[PR #1463](https://github.com/anchore/grype/pull/1463)] [[devfbe](https://github.com/devfbe)] - -## Bug Fixes - -- Fix race conditions around stager, enable detector [[PR #1489](https://github.com/anchore/grype/pull/1489)] [[willmurphyscode](https://github.com/willmurphyscode)] +# + +## [v0.68.0](https://github.com/anchore/grype/tree/v0.68.0) (2023-09-14) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.67.0...v0.68.0) + +## Added Features + +- Ignore/add match results based on OpenVEX documents [[PR #1397](https://github.com/anchore/grype/pull/1397)] [[puerco](https://github.com/puerco)] +- Introduce exit code failure option for db update check [[PR #1463](https://github.com/anchore/grype/pull/1463)] [[devfbe](https://github.com/devfbe)] + +## Bug Fixes + +- Fix race conditions around stager, enable detector [[PR #1489](https://github.com/anchore/grype/pull/1489)] [[willmurphyscode](https://github.com/willmurphyscode)] - Grype hangs forever if gets interrupted during work (in rare cases) [[Issue #1427](https://github.com/anchore/grype/issues/1427)] [[PR #1437](https://github.com/anchore/grype/pull/1437)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/grype/v0.68.1.md b/content/docs/releases/grype/v0.68.1.md index 7fe07127..5cc4b772 100644 --- a/content/docs/releases/grype/v0.68.1.md +++ b/content/docs/releases/grype/v0.68.1.md 
@@ -11,12 +11,12 @@ description = "Release notes for grype v0.68.1" Version [v0.68.1](https://github.com/anchore/grype/releases/tag/v0.68.1) -# - -## [v0.68.1](https://github.com/anchore/grype/tree/v0.68.1) (2023-09-15) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.68.0...v0.68.1) - -## Bug Fixes - +# + +## [v0.68.1](https://github.com/anchore/grype/tree/v0.68.1) (2023-09-15) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.68.0...v0.68.1) + +## Bug Fixes + - Version output was not including supported db schema [[PR #1494](https://github.com/anchore/grype/pull/1494)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/grype/v0.7.0.md b/content/docs/releases/grype/v0.7.0.md index aae2489b..f92658ff 100644 --- a/content/docs/releases/grype/v0.7.0.md +++ b/content/docs/releases/grype/v0.7.0.md 
@@ -11,15 +11,13 @@ description = "Release notes for grype v0.7.0" Version [v0.7.0](https://github.com/anchore/grype/releases/tag/v0.7.0) -## [v0.7.0](https://github.com/anchore/grype/tree/v0.7.0) (2021-01-27) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.6.1...v0.7.0) - -**Implemented enhancements:** - -- Decouple grype from syft-specific data structures [\#220](https://github.com/anchore/grype/issues/220) -- Update to syft v0.12.4 [\#233](https://github.com/anchore/grype/pull/233) ([luhring](https://github.com/luhring)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.7.0](https://github.com/anchore/grype/tree/v0.7.0) (2021-01-27) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.6.1...v0.7.0) + +**Implemented enhancements:** + +- Decouple grype from syft-specific data structures [\#220](https://github.com/anchore/grype/issues/220) +- Update to syft v0.12.4 [\#233](https://github.com/anchore/grype/pull/233) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/grype/v0.70.0.md b/content/docs/releases/grype/v0.70.0.md index c2ade126..8e530f01 100644 --- a/content/docs/releases/grype/v0.70.0.md +++ b/content/docs/releases/grype/v0.70.0.md 
@@ -11,12 +11,12 @@ description = "Release notes for grype v0.70.0" Version [v0.70.0](https://github.com/anchore/grype/releases/tag/v0.70.0) -## Added Features - -- Update Syft to v0.93.0 + enable golang stdlib matching [[#1550](https://github.com/anchore/grype/pull/1550) [@spiffcs](https://github.com/spiffcs) ] - -## Bug Fixes - -- JSON output: descriptor name is missing "grype" value [[#1538](https://github.com/anchore/grype/issues/1538) [#1542](https://github.com/anchore/grype/pull/1542) [@kzantow](https://github.com/kzantow)] - +## Added Features + +- Update Syft to v0.93.0 + enable golang stdlib matching [[#1550](https://github.com/anchore/grype/pull/1550) [@spiffcs](https://github.com/spiffcs) ] + +## Bug Fixes + +- JSON output: descriptor name is missing "grype" value [[#1538](https://github.com/anchore/grype/issues/1538) [#1542](https://github.com/anchore/grype/pull/1542) [@kzantow](https://github.com/kzantow)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.69.1...v0.70.0)** diff --git a/content/docs/releases/grype/v0.73.0.md b/content/docs/releases/grype/v0.73.0.md index 4448d520..71884efc 100644 --- a/content/docs/releases/grype/v0.73.0.md +++ b/content/docs/releases/grype/v0.73.0.md 
@@ -11,19 +11,19 @@ description = "Release notes for grype v0.73.0" Version [v0.73.0](https://github.com/anchore/grype/releases/tag/v0.73.0) -## Added Features - -- Add a reason field to ignore config [[#1337](https://github.com/anchore/grype/issues/1337) [#1532](https://github.com/anchore/grype/pull/1532) [@shanduur](https://github.com/shanduur)] -- Colorize severity in table output [[#225](https://github.com/anchore/grype/issues/225) [#1284](https://github.com/anchore/grype/pull/1284) [@shanedell](https://github.com/shanedell)] - -## Bug Fixes - -- Enable setting golang CPE config using env var [[#1585](https://github.com/anchore/grype/pull/1585) [@willmurphyscode](https://github.com/willmurphyscode)] -- Incorrect version comparisons for maven packages [[#1526](https://github.com/anchore/grype/issues/1526) [#1571](https://github.com/anchore/grype/pull/1571) [@spiffcs](https://github.com/spiffcs)] -- Grype fails to detect postgresql jdbc driver CVEs when scanning .jar [[#1482](https://github.com/anchore/grype/issues/1482)] - -## Additional Changes - -- Incorporate format API changes from syft [[#1582](https://github.com/anchore/grype/pull/1582) [@wagoodman](https://github.com/wagoodman)] - +## Added Features + +- Add a reason field to ignore config [[#1337](https://github.com/anchore/grype/issues/1337) [#1532](https://github.com/anchore/grype/pull/1532) [@shanduur](https://github.com/shanduur)] +- Colorize severity in table output [[#225](https://github.com/anchore/grype/issues/225) [#1284](https://github.com/anchore/grype/pull/1284) [@shanedell](https://github.com/shanedell)] + +## Bug Fixes + +- Enable setting golang CPE config using env var [[#1585](https://github.com/anchore/grype/pull/1585) [@willmurphyscode](https://github.com/willmurphyscode)] +- Incorrect version comparisons for maven packages [[#1526](https://github.com/anchore/grype/issues/1526) [#1571](https://github.com/anchore/grype/pull/1571) [@spiffcs](https://github.com/spiffcs)] +- Grype fails to 
detect postgresql jdbc driver CVEs when scanning .jar [[#1482](https://github.com/anchore/grype/issues/1482)] + +## Additional Changes + +- Incorporate format API changes from syft [[#1582](https://github.com/anchore/grype/pull/1582) [@wagoodman](https://github.com/wagoodman)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.72.0...v0.73.0)** diff --git a/content/docs/releases/grype/v0.73.4.md b/content/docs/releases/grype/v0.73.4.md index 9a599749..82c1d7e5 100644 --- a/content/docs/releases/grype/v0.73.4.md +++ b/content/docs/releases/grype/v0.73.4.md @@ -11,8 +11,9 @@ description = "Release notes for grype v0.73.4" Version [v0.73.4](https://github.com/anchore/grype/releases/tag/v0.73.4) -## Additional Changes -- bump to syft v0.98.0 in quality gate tests [[#1623](https://github.com/anchore/grype/pull/1623) [@westonsteimel](https://github.com/westonsteimel)] -- update syft to v0.98.0; go mod tidy [[#1621](https://github.com/anchore/grype/pull/1621) [@spiffcs](https://github.com/spiffcs)] - +## Additional Changes + +- bump to syft v0.98.0 in quality gate tests [[#1623](https://github.com/anchore/grype/pull/1623) [@westonsteimel](https://github.com/westonsteimel)] +- update syft to v0.98.0; go mod tidy [[#1621](https://github.com/anchore/grype/pull/1621) [@spiffcs](https://github.com/spiffcs)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.73.3...v0.73.4)** diff --git a/content/docs/releases/grype/v0.74.0.md b/content/docs/releases/grype/v0.74.0.md index 4b2f3a3d..1341997d 100644 --- a/content/docs/releases/grype/v0.74.0.md +++ b/content/docs/releases/grype/v0.74.0.md 
@@ -11,17 +11,17 @@ description = "Release notes for grype v0.74.0" Version [v0.74.0](https://github.com/anchore/grype/releases/tag/v0.74.0) -## Added Features - -- Vulnerabilities marked as fixed in distro packages should be reported as fixed for all contained packages too [[#1236](https://github.com/anchore/grype/issues/1236) [#1603](https://github.com/anchore/grype/pull/1603) [@luhring](https://github.com/luhring)] - -## Bug Fixes - -- Parameter `quiet` is ignored in configuration file [[#1645](https://github.com/anchore/grype/issues/1645) [#1646](https://github.com/anchore/grype/pull/1646) [@plavy](https://github.com/plavy)] -- 401 unauthorized pulling from public registry [[#1637](https://github.com/anchore/grype/issues/1637)] - -## Additional Changes - -- Update Syft to 0.100.0 [[#1649](https://github.com/anchore/grype/pull/1649)] - +## Added Features + +- Vulnerabilities marked as fixed in distro packages should be reported as fixed for all contained packages too [[#1236](https://github.com/anchore/grype/issues/1236) [#1603](https://github.com/anchore/grype/pull/1603) [@luhring](https://github.com/luhring)] + +## Bug Fixes + +- Parameter `quiet` is ignored in configuration file [[#1645](https://github.com/anchore/grype/issues/1645) [#1646](https://github.com/anchore/grype/pull/1646) [@plavy](https://github.com/plavy)] +- 401 unauthorized pulling from public registry [[#1637](https://github.com/anchore/grype/issues/1637)] + +## Additional Changes + +- Update Syft to 0.100.0 [[#1649](https://github.com/anchore/grype/pull/1649)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.73.5...v0.74.0)** diff --git a/content/docs/releases/grype/v0.74.1.md b/content/docs/releases/grype/v0.74.1.md index 13aa330a..db4e1670 100644 --- a/content/docs/releases/grype/v0.74.1.md +++ b/content/docs/releases/grype/v0.74.1.md 
@@ -11,13 +11,13 @@ description = "Release notes for grype v0.74.1" Version [v0.74.1](https://github.com/anchore/grype/releases/tag/v0.74.1) -## Security Fixes - -- bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 [[#1651](https://github.com/anchore/grype/pull/1651) [@dependabot](https://github.com/dependabot)] - -## Additional Changes - -- fix logging configuration in tests [[#1655](https://github.com/anchore/grype/pull/1655) [@plavy](https://github.com/plavy)] -- Update Syft to 0.101.0 [[#1663](https://github.com/anchore/grype/pull/1663)] - +## Security Fixes + +- bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 [[#1651](https://github.com/anchore/grype/pull/1651) [@dependabot](https://github.com/dependabot)] + +## Additional Changes + +- fix logging configuration in tests [[#1655](https://github.com/anchore/grype/pull/1655) [@plavy](https://github.com/plavy)] +- Update Syft to 0.101.0 [[#1663](https://github.com/anchore/grype/pull/1663)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.74.0...v0.74.1)** diff --git a/content/docs/releases/grype/v0.74.7.md b/content/docs/releases/grype/v0.74.7.md index 08694b2c..d952b639 100644 --- a/content/docs/releases/grype/v0.74.7.md +++ b/content/docs/releases/grype/v0.74.7.md 
@@ -11,13 +11,13 @@ description = "Release notes for grype v0.74.7" Version [v0.74.7](https://github.com/anchore/grype/releases/tag/v0.74.7) -## Bug Fixes - -- return exit codes from install script [[#1725](https://github.com/anchore/grype/pull/1725) [@hacst](https://github.com/hacst)] -- GitHub code scanning alerts missing information [[#1715](https://github.com/anchore/grype/issues/1715) [#1720](https://github.com/anchore/grype/pull/1720) [@kzantow](https://github.com/kzantow)] - -## Additional Changes - -- update Syft to v0.105.1 [[#1728](https://github.com/anchore/grype/pull/1728)] - +## Bug Fixes + +- return exit codes from install script [[#1725](https://github.com/anchore/grype/pull/1725) [@hacst](https://github.com/hacst)] +- GitHub code scanning alerts missing information [[#1715](https://github.com/anchore/grype/issues/1715) [#1720](https://github.com/anchore/grype/pull/1720) [@kzantow](https://github.com/kzantow)] + +## Additional Changes + +- update Syft to v0.105.1 [[#1728](https://github.com/anchore/grype/pull/1728)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.74.6...v0.74.7)** diff --git a/content/docs/releases/grype/v0.76.0.md b/content/docs/releases/grype/v0.76.0.md index 38b5233b..fb5a6e47 100644 --- a/content/docs/releases/grype/v0.76.0.md +++ b/content/docs/releases/grype/v0.76.0.md 
@@ -11,16 +11,16 @@ description = "Release notes for grype v0.76.0" Version [v0.76.0](https://github.com/anchore/grype/releases/tag/v0.76.0) -## Added Features - -- Database download timeouts [[#1731](https://github.com/anchore/grype/issues/1731) #1777 [@willmurphyscode](https://github.com/willmurphyscode)] - -## Bug Fixes - -- Disable matching kernel vulnerabilities by default for indirect matches against the 'kernel-headers' packages [[#1762](https://github.com/anchore/grype/issues/1762) [#1787](https://github.com/anchore/grype/pull/1787) [@zhill](https://github.com/zhill)] - -## Additional Changes - -- Update Syft to v1.2.0 [[#1803](https://github.com/anchore/grype/pull/1803)], which fixes https://github.com/anchore/grype/issues/1792 - +## Added Features + +- Database download timeouts [[#1731](https://github.com/anchore/grype/issues/1731) #1777 [@willmurphyscode](https://github.com/willmurphyscode)] + +## Bug Fixes + +- Disable matching kernel vulnerabilities by default for indirect matches against the 'kernel-headers' packages [[#1762](https://github.com/anchore/grype/issues/1762) [#1787](https://github.com/anchore/grype/pull/1787) [@zhill](https://github.com/zhill)] + +## Additional Changes + +- Update Syft to v1.2.0 [[#1803](https://github.com/anchore/grype/pull/1803)], which fixes https://github.com/anchore/grype/issues/1792 + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.75.0...v0.76.0)** diff --git a/content/docs/releases/grype/v0.77.3.md b/content/docs/releases/grype/v0.77.3.md index 1915cdec..4217e546 100644 --- a/content/docs/releases/grype/v0.77.3.md +++ b/content/docs/releases/grype/v0.77.3.md 
@@ -11,8 +11,8 @@ description = "Release notes for grype v0.77.3" Version [v0.77.3](https://github.com/anchore/grype/releases/tag/v0.77.3) -## Additional Changes - -- Remove providers' pull information from DB metadata file [[#1846](https://github.com/anchore/grype/pull/1846) [@asomya](https://github.com/asomya)] - +## Additional Changes + +- Remove providers' pull information from DB metadata file [[#1846](https://github.com/anchore/grype/pull/1846) [@asomya](https://github.com/asomya)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.77.2...v0.77.3)** diff --git a/content/docs/releases/grype/v0.78.0.md b/content/docs/releases/grype/v0.78.0.md index 0871adb2..a9fca70c 100644 --- a/content/docs/releases/grype/v0.78.0.md +++ b/content/docs/releases/grype/v0.78.0.md @@ -19,7 +19,7 @@ Version [v0.78.0](https://github.com/anchore/grype/releases/tag/v0.78.0) - ask catalog for package, rather than type asserting [[#1857](https://github.com/anchore/grype/pull/1857) [@willmurphyscode](https://github.com/willmurphyscode)] - Disable TUI for simple commands [[#1872](https://github.com/anchore/grype/pull/1872) [@wagoodman](https://github.com/wagoodman)] -- False Positive: CVE-2023-42282 not affected in SUSE ecosystem [[#1813](https://github.com/anchore/grype/issues/1813)] +- False Positive: CVE-2023-42282 not affected in SUSE ecosystem [[#1813](https://github.com/anchore/grype/issues/1813)] - False positive GHSA-jr9c-h74f-2v28/CVE-2022-0905 reported for Non-vulnerable Gitea version [[#1416](https://github.com/anchore/grype/issues/1416)] ## Additional Changes diff --git a/content/docs/releases/grype/v0.79.1.md b/content/docs/releases/grype/v0.79.1.md index 6a7c2152..30731d61 100644 --- a/content/docs/releases/grype/v0.79.1.md +++ b/content/docs/releases/grype/v0.79.1.md 
@@ -11,9 +11,9 @@ description = "Release notes for grype v0.79.1" Version [v0.79.1](https://github.com/anchore/grype/releases/tag/v0.79.1) -## Updates - -- update CI to install golang at the latest version [[#1949](https://github.com/anchore/grype/pull/1949) [@spiffcs](https://github.com/spiffcs)] -- Grype is now built with the latest version of Golang at v1.22.x. This resolves a few security findings that would have been flagged against the v0.79.0 binary for using an older version of the Golang standard library. - +## Updates + +- update CI to install golang at the latest version [[#1949](https://github.com/anchore/grype/pull/1949) [@spiffcs](https://github.com/spiffcs)] +- Grype is now built with the latest version of Golang at v1.22.x. This resolves a few security findings that would have been flagged against the v0.79.0 binary for using an older version of the Golang standard library. + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.79.0...v0.79.1)** diff --git a/content/docs/releases/grype/v0.8.0.md b/content/docs/releases/grype/v0.8.0.md index 86440c8f..28043800 100644 --- a/content/docs/releases/grype/v0.8.0.md +++ b/content/docs/releases/grype/v0.8.0.md 
@@ -11,18 +11,17 @@ description = "Release notes for grype v0.8.0" Version [v0.8.0](https://github.com/anchore/grype/releases/tag/v0.8.0) -## [v0.8.0](https://github.com/anchore/grype/tree/v0.8.0) (2021-03-15) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.7.0...v0.8.0) - -**Implemented enhancements:** - -- Refactor constraint expression parser to allow for quoted versions [\#234](https://github.com/anchore/grype/pull/234) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- Can't use syft JSON output as input [\#235](https://github.com/anchore/grype/issues/235) -- Reporting "exponent has no digits" on go case [\#246](https://github.com/anchore/grype/issues/246) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.8.0](https://github.com/anchore/grype/tree/v0.8.0) (2021-03-15) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.7.0...v0.8.0) + +**Implemented enhancements:** + +- Refactor constraint expression parser to allow for quoted versions [\#234](https://github.com/anchore/grype/pull/234) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Can't use syft JSON output as input [\#235](https://github.com/anchore/grype/issues/235) +- Reporting "exponent has no digits" on go case [\#246](https://github.com/anchore/grype/issues/246) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/grype/v0.80.1.md b/content/docs/releases/grype/v0.80.1.md index 75621815..b3aa5d14 100644 --- a/content/docs/releases/grype/v0.80.1.md +++ b/content/docs/releases/grype/v0.80.1.md 
@@ -11,12 +11,12 @@ description = "Release notes for grype v0.80.1" Version [v0.80.1](https://github.com/anchore/grype/releases/tag/v0.80.1) -## Bug Fixes - -- CVE-2024-3154 found with latest version [[#1834](https://github.com/anchore/grype/issues/1834) [#2091](https://github.com/anchore/grype/pull/2091) [@spiffcs](https://github.com/spiffcs)] - -## Additional Changes - -- Update Syft to 1.12.2 [[#2108](https://github.com/anchore/grype/pull/2108)] - +## Bug Fixes + +- CVE-2024-3154 found with latest version [[#1834](https://github.com/anchore/grype/issues/1834) [#2091](https://github.com/anchore/grype/pull/2091) [@spiffcs](https://github.com/spiffcs)] + +## Additional Changes + +- Update Syft to 1.12.2 [[#2108](https://github.com/anchore/grype/pull/2108)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.80.0...v0.80.1)** diff --git a/content/docs/releases/grype/v0.84.0.md b/content/docs/releases/grype/v0.84.0.md index 9a64744e..e3cdb805 100644 --- a/content/docs/releases/grype/v0.84.0.md +++ b/content/docs/releases/grype/v0.84.0.md 
@@ -11,17 +11,17 @@ description = "Release notes for grype v0.84.0" Version [v0.84.0](https://github.com/anchore/grype/releases/tag/v0.84.0) -## Added Features - -- Add support for scanning single purl from the CLI [[#2225](https://github.com/anchore/grype/issues/2225) [#2223](https://github.com/anchore/grype/pull/2223) [@wagoodman](https://github.com/wagoodman)] - -## Bug Fixes - -- Flaky checks on STDIN for purl provider [[#2192](https://github.com/anchore/grype/issues/2192) [#2223](https://github.com/anchore/grype/pull/2223) [@wagoodman](https://github.com/wagoodman)] -- Missing alpine patch version yields inaccurate results [[#2222](https://github.com/anchore/grype/issues/2222) [#2226](https://github.com/anchore/grype/pull/2226) [@wagoodman](https://github.com/wagoodman)] - -## Additional Changes - -- update Syft to v1.16.0 [[#2237](https://github.com/anchore/grype/pull/2237) [@anchore](https://github.com/anchore)-actions-token-generator] - +## Added Features + +- Add support for scanning single purl from the CLI [[#2225](https://github.com/anchore/grype/issues/2225) [#2223](https://github.com/anchore/grype/pull/2223) [@wagoodman](https://github.com/wagoodman)] + +## Bug Fixes + +- Flaky checks on STDIN for purl provider [[#2192](https://github.com/anchore/grype/issues/2192) [#2223](https://github.com/anchore/grype/pull/2223) [@wagoodman](https://github.com/wagoodman)] +- Missing alpine patch version yields inaccurate results [[#2222](https://github.com/anchore/grype/issues/2222) [#2226](https://github.com/anchore/grype/pull/2226) [@wagoodman](https://github.com/wagoodman)] + +## Additional Changes + +- update Syft to v1.16.0 [[#2237](https://github.com/anchore/grype/pull/2237) [@anchore](https://github.com/anchore)-actions-token-generator] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.83.0...v0.84.0)** diff --git a/content/docs/releases/grype/v0.85.0.md b/content/docs/releases/grype/v0.85.0.md index 8ab5e93c..932d5b71 100644 
--- a/content/docs/releases/grype/v0.85.0.md +++ b/content/docs/releases/grype/v0.85.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for grype v0.85.0" Version [v0.85.0](https://github.com/anchore/grype/releases/tag/v0.85.0) -## Added Features - -- Add support for gradle in Java [[#2236](https://github.com/anchore/grype/issues/2236)] -- Prefer direct match information over indirect matches [[#1931](https://github.com/anchore/grype/issues/1931) [#2241](https://github.com/anchore/grype/pull/2241) [@wagoodman](https://github.com/wagoodman)] - -## Bug Fixes - -- Restore log on UI teardown [[#2248](https://github.com/anchore/grype/pull/2248) [@wagoodman](https://github.com/wagoodman)] -- Display warnings even when `-v` is not passed and no tty is present [[#2180](https://github.com/anchore/grype/issues/2180) [#2268](https://github.com/anchore/grype/pull/2268) [@willmurphyscode](https://github.com/willmurphyscode)] - -## Additional Changes - -- core dependencies: latest syft v1.17.0 and latest stereoscope v0.0.9 [[#2275](https://github.com/anchore/grype/pull/2275) [@willmurphyscode](https://github.com/willmurphyscode)] - +## Added Features + +- Add support for gradle in Java [[#2236](https://github.com/anchore/grype/issues/2236)] +- Prefer direct match information over indirect matches [[#1931](https://github.com/anchore/grype/issues/1931) [#2241](https://github.com/anchore/grype/pull/2241) [@wagoodman](https://github.com/wagoodman)] + +## Bug Fixes + +- Restore log on UI teardown [[#2248](https://github.com/anchore/grype/pull/2248) [@wagoodman](https://github.com/wagoodman)] +- Display warnings even when `-v` is not passed and no tty is present [[#2180](https://github.com/anchore/grype/issues/2180) [#2268](https://github.com/anchore/grype/pull/2268) [@willmurphyscode](https://github.com/willmurphyscode)] + +## Additional Changes + +- core dependencies: latest syft v1.17.0 and latest stereoscope v0.0.9 [[#2275](https://github.com/anchore/grype/pull/2275) [@willmurphyscode](https://github.com/willmurphyscode)] + **[(Full 
Changelog)](https://github.com/anchore/grype/compare/v0.84.0...v0.85.0)** diff --git a/content/docs/releases/grype/v0.86.0.md b/content/docs/releases/grype/v0.86.0.md index c262379b..961700cf 100644 --- a/content/docs/releases/grype/v0.86.0.md +++ b/content/docs/releases/grype/v0.86.0.md @@ -17,7 +17,7 @@ Version [v0.86.0](https://github.com/anchore/grype/releases/tag/v0.86.0) ## Bug Fixes -- ignore linux-aws-headers-.* as well like linux-headers-.* [[#2295](https://github.com/anchore/grype/pull/2295) [@barnuri](https://github.com/barnuri)] +- ignore linux-aws-headers-._ as well like linux-headers-._ [[#2295](https://github.com/anchore/grype/pull/2295) [@barnuri](https://github.com/barnuri)] ## Breaking Changes diff --git a/content/docs/releases/grype/v0.87.0.md b/content/docs/releases/grype/v0.87.0.md index bb7fd705..1c9d2da3 100644 --- a/content/docs/releases/grype/v0.87.0.md +++ b/content/docs/releases/grype/v0.87.0.md @@ -18,7 +18,7 @@ Version [v0.87.0](https://github.com/anchore/grype/releases/tag/v0.87.0) ## Bug Fixes -- fix upstream match for linux-.*-headers-.* [[#2320](https://github.com/anchore/grype/pull/2320) [@barnuri](https://github.com/barnuri)] +- fix upstream match for linux-._-headers-._ [[#2320](https://github.com/anchore/grype/pull/2320) [@barnuri](https://github.com/barnuri)] - external-sources: throttle requests to maven central to avoid being rate limited for large sets of java dependencies [[#2384](https://github.com/anchore/grype/pull/2384) [@rawlingsj](https://github.com/rawlingsj)] - Clean up config help text [[#2347](https://github.com/anchore/grype/pull/2347) [@wagoodman](https://github.com/wagoodman)] diff --git a/content/docs/releases/grype/v0.88.0.md b/content/docs/releases/grype/v0.88.0.md index ebea979d..78789731 100644 --- a/content/docs/releases/grype/v0.88.0.md +++ b/content/docs/releases/grype/v0.88.0.md 
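Review bot: The added line in the v0.86.0 hunk rewrites the kernel-header patterns `linux-aws-headers-.*` and `linux-headers-.*` as `linux-aws-headers-._` and `linux-headers-._`, so the release note no longer states the pattern that is actually ignored. The v0.87.0 hunk does the same to `linux-.*-headers-.*`. This looks like a Markdown formatter reading the two asterisks on the line as an emphasis pair, though that is inferred from the diff rather than shown in it. Because these notes tell readers which package names the scanner skips or matches against upstream, keep the asterisks and wrap each pattern in a code span so later formatting runs leave it alone, for example `linux-aws-headers-.*`.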
@@ -11,42 +11,42 @@ description = "Release notes for grype v0.88.0" Version [v0.88.0](https://github.com/anchore/grype/releases/tag/v0.88.0) -> [!IMPORTANT] -> With #2126 the listing file which hosts the URLs of databases to download has migrated from `https://toolbox-data.anchore.io/grype/databases/listing.json` to `https://grype.anchore.io/databases/v6/latest.json`. - -## Added Features - -- Add KEV information to v6 DB [[#2464](https://github.com/anchore/grype/pull/2464) [@wagoodman](https://github.com/wagoodman)] -- Add pretty format option [[#2406](https://github.com/anchore/grype/pull/2406) [@tomersein](https://github.com/tomersein)] -- Add configuration for maven rate limit functionality [[#2397](https://github.com/anchore/grype/pull/2397) [@rawlingsj](https://github.com/rawlingsj)] -- Allow specifying literal CPEs via the CLI [[#2463](https://github.com/anchore/grype/pull/2463) [@wagoodman](https://github.com/wagoodman)] -- Add KEV & EPSS to db search schema [[#2481](https://github.com/anchore/grype/pull/2481) [@wagoodman](https://github.com/wagoodman)] -- Update vulnerability matchers to use v6 DB schema [[#2132](https://github.com/anchore/grype/issues/2132) [#2311](https://github.com/anchore/grype/pull/2311) [@kzantow](https://github.com/kzantow)] -- Configure and use new V6 DB distribution URLs [[#2126](https://github.com/anchore/grype/issues/2126) [#2439](https://github.com/anchore/grype/pull/2439) [@kzantow](https://github.com/kzantow)] - -## Bug Fixes - -- fix golang 1.24 versions when not semver compliant [[#2486](https://github.com/anchore/grype/pull/2486) [@xnox](https://github.com/xnox)] -- error out on maven search rate limiting [[#2460](https://github.com/anchore/grype/pull/2460) [@luhring](https://github.com/luhring)] -- CPE search failed when considering target software for unknown package type [[#2434](https://github.com/anchore/grype/issues/2434) [#2438](https://github.com/anchore/grype/pull/2438) 
[@westonsteimel](https://github.com/westonsteimel)] -- Grype Does Not Clean TMPDIR When Running in a Docker Container [[#2500](https://github.com/anchore/grype/issues/2500)] -- `GetMavenPackageBySha` can be rate limited by maven central, grype will silently fail which results in inconsistent scan results [[#2383](https://github.com/anchore/grype/issues/2383)] -- Grype exits with error on JSON output with PURL input [[#2360](https://github.com/anchore/grype/issues/2360)] -- Removal of temporary files not working on Windows [[#2233](https://github.com/anchore/grype/issues/2233) [#2439](https://github.com/anchore/grype/pull/2439) [@kzantow](https://github.com/kzantow)] -- `grype db status` reports "valid" when the DB is missing [[#2077](https://github.com/anchore/grype/issues/2077) [#2439](https://github.com/anchore/grype/pull/2439) [@kzantow](https://github.com/kzantow)] -- `grype db status` doesn't always check the db's checksum and validity [[#1648](https://github.com/anchore/grype/issues/1648) [#2439](https://github.com/anchore/grype/pull/2439) [@kzantow](https://github.com/kzantow)] -- False positive of CVE-2023-45853 on apt zlib1g/now 1:1.2.13.dfsg-1 package [[#2412](https://github.com/anchore/grype/issues/2412) [#2474](https://github.com/anchore/grype/pull/2474) [@westonsteimel](https://github.com/westonsteimel)] -- GHSA-93ww-43rr-79v3 / CVE-2024-10039 does not get patched version [[#2408](https://github.com/anchore/grype/issues/2408)] -- "grype config" output swaps comments for search-indexed-archives / search-unindexed-archives [[#2409](https://github.com/anchore/grype/issues/2409) [#2414](https://github.com/anchore/grype/pull/2414) [@spiffcs](https://github.com/spiffcs)] - -## Breaking Changes - -- Remove DB schema v3 and v4 code [[#2435](https://github.com/anchore/grype/pull/2435) [@wagoodman](https://github.com/wagoodman)] -- Replace `grype db diff` with `grype db search` `--modified-after` and `--published-after` flags 
[[#2129](https://github.com/anchore/grype/issues/2129) [#2439](https://github.com/anchore/grype/pull/2439) [@kzantow](https://github.com/kzantow)] - -## Additional Changes - -- Refactor presenters to use static model over dynamic lookups [[#2492](https://github.com/anchore/grype/pull/2492) [@wagoodman](https://github.com/wagoodman)] -- update syft to 1.20 [[#2473](https://github.com/anchore/grype/pull/2473) [@kzantow](https://github.com/kzantow)] - +> [!IMPORTANT] +> With #2126 the listing file which hosts the URLs of databases to download has migrated from `https://toolbox-data.anchore.io/grype/databases/listing.json` to `https://grype.anchore.io/databases/v6/latest.json`. + +## Added Features + +- Add KEV information to v6 DB [[#2464](https://github.com/anchore/grype/pull/2464) [@wagoodman](https://github.com/wagoodman)] +- Add pretty format option [[#2406](https://github.com/anchore/grype/pull/2406) [@tomersein](https://github.com/tomersein)] +- Add configuration for maven rate limit functionality [[#2397](https://github.com/anchore/grype/pull/2397) [@rawlingsj](https://github.com/rawlingsj)] +- Allow specifying literal CPEs via the CLI [[#2463](https://github.com/anchore/grype/pull/2463) [@wagoodman](https://github.com/wagoodman)] +- Add KEV & EPSS to db search schema [[#2481](https://github.com/anchore/grype/pull/2481) [@wagoodman](https://github.com/wagoodman)] +- Update vulnerability matchers to use v6 DB schema [[#2132](https://github.com/anchore/grype/issues/2132) [#2311](https://github.com/anchore/grype/pull/2311) [@kzantow](https://github.com/kzantow)] +- Configure and use new V6 DB distribution URLs [[#2126](https://github.com/anchore/grype/issues/2126) [#2439](https://github.com/anchore/grype/pull/2439) [@kzantow](https://github.com/kzantow)] + +## Bug Fixes + +- fix golang 1.24 versions when not semver compliant [[#2486](https://github.com/anchore/grype/pull/2486) [@xnox](https://github.com/xnox)] +- error out on maven search rate limiting 
[[#2460](https://github.com/anchore/grype/pull/2460) [@luhring](https://github.com/luhring)] +- CPE search failed when considering target software for unknown package type [[#2434](https://github.com/anchore/grype/issues/2434) [#2438](https://github.com/anchore/grype/pull/2438) [@westonsteimel](https://github.com/westonsteimel)] +- Grype Does Not Clean TMPDIR When Running in a Docker Container [[#2500](https://github.com/anchore/grype/issues/2500)] +- `GetMavenPackageBySha` can be rate limited by maven central, grype will silently fail which results in inconsistent scan results [[#2383](https://github.com/anchore/grype/issues/2383)] +- Grype exits with error on JSON output with PURL input [[#2360](https://github.com/anchore/grype/issues/2360)] +- Removal of temporary files not working on Windows [[#2233](https://github.com/anchore/grype/issues/2233) [#2439](https://github.com/anchore/grype/pull/2439) [@kzantow](https://github.com/kzantow)] +- `grype db status` reports "valid" when the DB is missing [[#2077](https://github.com/anchore/grype/issues/2077) [#2439](https://github.com/anchore/grype/pull/2439) [@kzantow](https://github.com/kzantow)] +- `grype db status` doesn't always check the db's checksum and validity [[#1648](https://github.com/anchore/grype/issues/1648) [#2439](https://github.com/anchore/grype/pull/2439) [@kzantow](https://github.com/kzantow)] +- False positive of CVE-2023-45853 on apt zlib1g/now 1:1.2.13.dfsg-1 package [[#2412](https://github.com/anchore/grype/issues/2412) [#2474](https://github.com/anchore/grype/pull/2474) [@westonsteimel](https://github.com/westonsteimel)] +- GHSA-93ww-43rr-79v3 / CVE-2024-10039 does not get patched version [[#2408](https://github.com/anchore/grype/issues/2408)] +- "grype config" output swaps comments for search-indexed-archives / search-unindexed-archives [[#2409](https://github.com/anchore/grype/issues/2409) [#2414](https://github.com/anchore/grype/pull/2414) [@spiffcs](https://github.com/spiffcs)] + +## 
Breaking Changes + +- Remove DB schema v3 and v4 code [[#2435](https://github.com/anchore/grype/pull/2435) [@wagoodman](https://github.com/wagoodman)] +- Replace `grype db diff` with `grype db search` `--modified-after` and `--published-after` flags [[#2129](https://github.com/anchore/grype/issues/2129) [#2439](https://github.com/anchore/grype/pull/2439) [@kzantow](https://github.com/kzantow)] + +## Additional Changes + +- Refactor presenters to use static model over dynamic lookups [[#2492](https://github.com/anchore/grype/pull/2492) [@wagoodman](https://github.com/wagoodman)] +- update syft to 1.20 [[#2473](https://github.com/anchore/grype/pull/2473) [@kzantow](https://github.com/kzantow)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.87.0...v0.88.0)** diff --git a/content/docs/releases/grype/v0.89.0.md b/content/docs/releases/grype/v0.89.0.md index 78f97087..204e7f10 100644 --- a/content/docs/releases/grype/v0.89.0.md +++ b/content/docs/releases/grype/v0.89.0.md 
@@ -11,15 +11,15 @@ description = "Release notes for grype v0.89.0" Version [v0.89.0](https://github.com/anchore/grype/releases/tag/v0.89.0) -> [!IMPORTANT] -> As of Grype v0.88.0, the listing file which hosts the URLs of databases to download has migrated from `https://toolbox-data.anchore.io/grype/databases/listing.json` to `https://grype.anchore.io/databases/v6/latest.json`. - -## Added Features - -- Show suggested fixed version when there are multiple listed [[#2264](https://github.com/anchore/grype/issues/2264) [#2271](https://github.com/anchore/grype/pull/2271) [@tomersein](https://github.com/tomersein)] - -## Bug Fixes - -- Check for vulnerability database update failed with `unsupported protocol scheme` when referencing local file [[#2507](https://github.com/anchore/grype/issues/2507) [#2508](https://github.com/anchore/grype/pull/2508) [@wagoodman](https://github.com/wagoodman)] - +> [!IMPORTANT] +> As of Grype v0.88.0, the listing file which hosts the URLs of databases to download has migrated from `https://toolbox-data.anchore.io/grype/databases/listing.json` to `https://grype.anchore.io/databases/v6/latest.json`. + +## Added Features + +- Show suggested fixed version when there are multiple listed [[#2264](https://github.com/anchore/grype/issues/2264) [#2271](https://github.com/anchore/grype/pull/2271) [@tomersein](https://github.com/tomersein)] + +## Bug Fixes + +- Check for vulnerability database update failed with `unsupported protocol scheme` when referencing local file [[#2507](https://github.com/anchore/grype/issues/2507) [#2508](https://github.com/anchore/grype/pull/2508) [@wagoodman](https://github.com/wagoodman)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.88.0...v0.89.0)** diff --git a/content/docs/releases/grype/v0.9.0.md b/content/docs/releases/grype/v0.9.0.md index e025fe08..79941c7e 100644 --- a/content/docs/releases/grype/v0.9.0.md +++ b/content/docs/releases/grype/v0.9.0.md 
@@ -11,27 +11,24 @@ description = "Release notes for grype v0.9.0" Version [v0.9.0](https://github.com/anchore/grype/releases/tag/v0.9.0) -## [v0.9.0](https://github.com/anchore/grype/tree/v0.9.0) (2021-03-25) - -[Full Changelog](https://github.com/anchore/grype/compare/v0.8.0...v0.9.0) - -**Implemented enhancements:** - -- Grype Docker Image [\#227](https://github.com/anchore/grype/issues/227) - -**Fixed bugs:** - -- Dockerfile for Grype [\#249](https://github.com/anchore/grype/issues/249) -- Reporting "exponent has no digits" on go case [\#246](https://github.com/anchore/grype/issues/246) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/grype:latest` -- `docker pull anchore/grype:v0.9.0` -- `docker pull anchore/grype:v0` +## [v0.9.0](https://github.com/anchore/grype/tree/v0.9.0) (2021-03-25) + +[Full Changelog](https://github.com/anchore/grype/compare/v0.8.0...v0.9.0) + +**Implemented enhancements:** + +- Grype Docker Image [\#227](https://github.com/anchore/grype/issues/227) + +**Fixed bugs:** + +- Dockerfile for Grype [\#249](https://github.com/anchore/grype/issues/249) +- Reporting "exponent has no digits" on go case [\#246](https://github.com/anchore/grype/issues/246) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/grype:latest` +- `docker pull anchore/grype:v0.9.0` +- `docker pull anchore/grype:v0` - `docker pull anchore/grype:v0.9` diff --git a/content/docs/releases/grype/v0.92.0.md b/content/docs/releases/grype/v0.92.0.md index 86372b6d..c5bf3d1e 100644 --- a/content/docs/releases/grype/v0.92.0.md +++ b/content/docs/releases/grype/v0.92.0.md 
@@ -29,7 +29,7 @@ Version [v0.92.0](https://github.com/anchore/grype/releases/tag/v0.92.0) - Vulnerability reported on [@group](https://github.com/group)/name dependency when actual vulnerability exists on name dependency [[#1701](https://github.com/anchore/grype/issues/1701) [#2645](https://github.com/anchore/grype/pull/2645) [@kzantow](https://github.com/kzantow)] - Grype false negatives in versions v0.88.0 and later leading to missed critical vulnerabilities [[#2628](https://github.com/anchore/grype/issues/2628) [#2645](https://github.com/anchore/grype/pull/2645) [@kzantow](https://github.com/kzantow)] - PHP pecl redis mixes with redis project itself and creates false positive cve [[#1804](https://github.com/anchore/grype/issues/1804)] -- False Positive: Openssl CVE-2022-2068, CVE-2022-1292, CVE-2021-3711 in SUSE Enterprise 15 SP5 [[#1729](https://github.com/anchore/grype/issues/1729)] +- False Positive: Openssl CVE-2022-2068, CVE-2022-1292, CVE-2021-3711 in SUSE Enterprise 15 SP5 [[#1729](https://github.com/anchore/grype/issues/1729)] - Grype does not handle purl file input with packages from different distributions [[#2630](https://github.com/anchore/grype/issues/2630) [#2639](https://github.com/anchore/grype/pull/2639) [@chovanecadam](https://github.com/chovanecadam)] - grype pkg:golang/k8s.io/ingress-nginx[@v1](https://github.com/v1).11.2 does not show cve [[#2580](https://github.com/anchore/grype/issues/2580) [#2586](https://github.com/anchore/grype/pull/2586) [@goatwu1993](https://github.com/goatwu1993)] diff --git a/content/docs/releases/grype/v0.96.1.md b/content/docs/releases/grype/v0.96.1.md index 38800270..5460d774 100644 --- a/content/docs/releases/grype/v0.96.1.md +++ b/content/docs/releases/grype/v0.96.1.md 
@@ -11,10 +11,12 @@ description = "Release notes for grype v0.96.1" Version [v0.96.1](https://github.com/anchore/grype/releases/tag/v0.96.1) -## Syft Improvments -- Update to latest version of syft [v1.29.0](https://github.com/anchore/syft/releases/tag/v1.29.0) - -## Performance Improvements -- Create ignore regex objects conditionally[[#2805](https://github.com/anchore/grype/pull/2805) [@wagoodman](https://github.com/wagoodman) ] - +## Syft Improvments + +- Update to latest version of syft [v1.29.0](https://github.com/anchore/syft/releases/tag/v1.29.0) + +## Performance Improvements + +- Create ignore regex objects conditionally[[#2805](https://github.com/anchore/grype/pull/2805) [@wagoodman](https://github.com/wagoodman) ] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.96.0...v0.96.1)** diff --git a/content/docs/releases/grype/v0.97.2.md b/content/docs/releases/grype/v0.97.2.md index 5d15a22a..969583f1 100644 --- a/content/docs/releases/grype/v0.97.2.md +++ b/content/docs/releases/grype/v0.97.2.md 
@@ -11,14 +11,14 @@ description = "Release notes for grype v0.97.2" Version [v0.97.2](https://github.com/anchore/grype/releases/tag/v0.97.2) -## Grype v0.97.2 - -## Added Features - -- new syft version adds binary classifier for hashicorp vault [[#4121](https://github.com/anchore/syft/pull/4121) [@willmurphyscode](https://github.com/willmurphyscode)] - -## Bug Fixes - -- fix: update syft's nondeterministic Java archive purl and improve groupID for better matching [[#3521](https://github.com/anchore/syft/issues/3521) [#4118](https://github.com/anchore/syft/pull/4118) [@kzantow](https://github.com/kzantow)] - +## Grype v0.97.2 + +## Added Features + +- new syft version adds binary classifier for hashicorp vault [[#4121](https://github.com/anchore/syft/pull/4121) [@willmurphyscode](https://github.com/willmurphyscode)] + +## Bug Fixes + +- fix: update syft's nondeterministic Java archive purl and improve groupID for better matching [[#3521](https://github.com/anchore/syft/issues/3521) [#4118](https://github.com/anchore/syft/pull/4118) [@kzantow](https://github.com/kzantow)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.97.1...v0.97.2)** diff --git a/content/docs/releases/grype/v0.99.0.md b/content/docs/releases/grype/v0.99.0.md index 192bea4c..ea825cbc 100644 --- a/content/docs/releases/grype/v0.99.0.md +++ b/content/docs/releases/grype/v0.99.0.md 
@@ -11,20 +11,20 @@ description = "Release notes for grype v0.99.0" Version [v0.99.0](https://github.com/anchore/grype/releases/tag/v0.99.0) -## Added Features - -- Add fix availability information to DB schema [[#2862](https://github.com/anchore/grype/pull/2862) [@wagoodman](https://github.com/wagoodman)] -- Add support vulnerability matching for raspbian [[#2893](https://github.com/anchore/grype/pull/2893) [@westonsteimel](https://github.com/westonsteimel)] -- Add Vex CSAF support [[#1826](https://github.com/anchore/grype/pull/1826) [@juan131](https://github.com/juan131)] - -## Bug Fixes - -- include channel in grype db search output [[#2873](https://github.com/anchore/grype/pull/2873) [@willmurphyscode](https://github.com/willmurphyscode)] -- add UnmarshalJSON to fix availability blob [[#2889](https://github.com/anchore/grype/pull/2889) [@willmurphyscode](https://github.com/willmurphyscode)] -- Grype misdetect Grafana version [[#2783](https://github.com/anchore/grype/issues/2783)] - -## Breaking Changes - -- CSAF support [[#1826](https://github.com/anchore/grype/pull/1826) [@juan131](https://github.com/juan131)] - +## Added Features + +- Add fix availability information to DB schema [[#2862](https://github.com/anchore/grype/pull/2862) [@wagoodman](https://github.com/wagoodman)] +- Add support vulnerability matching for raspbian [[#2893](https://github.com/anchore/grype/pull/2893) [@westonsteimel](https://github.com/westonsteimel)] +- Add Vex CSAF support [[#1826](https://github.com/anchore/grype/pull/1826) [@juan131](https://github.com/juan131)] + +## Bug Fixes + +- include channel in grype db search output [[#2873](https://github.com/anchore/grype/pull/2873) [@willmurphyscode](https://github.com/willmurphyscode)] +- add UnmarshalJSON to fix availability blob [[#2889](https://github.com/anchore/grype/pull/2889) [@willmurphyscode](https://github.com/willmurphyscode)] +- Grype misdetect Grafana version [[#2783](https://github.com/anchore/grype/issues/2783)] + +## 
Breaking Changes + +- CSAF support [[#1826](https://github.com/anchore/grype/pull/1826) [@juan131](https://github.com/juan131)] + **[(Full Changelog)](https://github.com/anchore/grype/compare/v0.98.0...v0.99.0)** diff --git a/content/docs/releases/sbom-action/_index.md b/content/docs/releases/sbom-action/_index.md index 97abb450..a3e9fa29 100644 --- a/content/docs/releases/sbom-action/_index.md +++ b/content/docs/releases/sbom-action/_index.md @@ -1,7 +1,7 @@ +++ tags = ['sbom-action'] categories = ['release'] -title = "Sbom-action Release Notes" +title = "Sbom-action Release Notes" linkTitle = "Sbom-action" url = "docs/releases/sbom-action" description = "Anchore Sbom-action Release Notes" diff --git a/content/docs/releases/sbom-action/v0.1.0.md b/content/docs/releases/sbom-action/v0.1.0.md index 53a43bbd..f5aa6280 100644 --- a/content/docs/releases/sbom-action/v0.1.0.md +++ b/content/docs/releases/sbom-action/v0.1.0.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.1.0" Version [v0.1.0](https://github.com/anchore/sbom-action/releases/tag/v0.1.0) -## Initial release of SBOM action 🎉 - +## Initial release of SBOM action 🎉 + Integrates software bill of material (SBOM) scanning into your GitHub action workflow! diff --git a/content/docs/releases/sbom-action/v0.10.0.md b/content/docs/releases/sbom-action/v0.10.0.md index 35c2e4c3..c4ff90fc 100644 --- a/content/docs/releases/sbom-action/v0.10.0.md +++ b/content/docs/releases/sbom-action/v0.10.0.md @@ -11,7 +11,7 @@ description = "Release notes for sbom-action v0.10.0" Version [v0.10.0](https://github.com/anchore/sbom-action/releases/tag/v0.10.0) -## Changes in v0.10.0 - -- Update Syft to v0.43.2 (#225) +## Changes in v0.10.0 + +- Update Syft to v0.43.2 (#225) - Improve SBOM format handling (#235) diff --git a/content/docs/releases/sbom-action/v0.11.0.md b/content/docs/releases/sbom-action/v0.11.0.md index 1ef8c0cd..df5138e5 100644 --- a/content/docs/releases/sbom-action/v0.11.0.md 
+++ b/content/docs/releases/sbom-action/v0.11.0.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.11.0" Version [v0.11.0](https://github.com/anchore/sbom-action/releases/tag/v0.11.0) -## Changes in v0.11.0 - +## Changes in v0.11.0 + - Update GitHub Snapshot to use correlator (#259) [kzantow](https://github.com/kzantow) diff --git a/content/docs/releases/sbom-action/v0.12.0.md b/content/docs/releases/sbom-action/v0.12.0.md index 17b97fc7..015d5e2b 100644 --- a/content/docs/releases/sbom-action/v0.12.0.md +++ b/content/docs/releases/sbom-action/v0.12.0.md @@ -11,9 +11,9 @@ description = "Release notes for sbom-action v0.12.0" Version [v0.12.0](https://github.com/anchore/sbom-action/releases/tag/v0.12.0) -## Changes in v0.12.0 - -- Update dependencies (#317) [kzantow](https://github.com/kzantow) -- Update Syft to v0.53.4 (#266) [anchore-actions-token-generator](https://github.com/anchore-actions-token-generator) -- Expose upload-artifact and upload-release-assets inputs (#277) [joshowen](https://github.com/joshowen) +## Changes in v0.12.0 + +- Update dependencies (#317) [kzantow](https://github.com/kzantow) +- Update Syft to v0.53.4 (#266) [anchore-actions-token-generator](https://github.com/anchore-actions-token-generator) +- Expose upload-artifact and upload-release-assets inputs (#277) [joshowen](https://github.com/joshowen) - Document the `dependency-snapshot` property (#297) [kzantow](https://github.com/kzantow) diff --git a/content/docs/releases/sbom-action/v0.13.0.md b/content/docs/releases/sbom-action/v0.13.0.md index 0a322fa8..b5e68129 100644 --- a/content/docs/releases/sbom-action/v0.13.0.md +++ b/content/docs/releases/sbom-action/v0.13.0.md 
@@ -11,8 +11,8 @@ description = "Release notes for sbom-action v0.13.0" Version [v0.13.0](https://github.com/anchore/sbom-action/releases/tag/v0.13.0) -## Changes in v0.13.0 - -- Allow type "file:..." to enable creation of SBOMs from tar and other package formats (#357) [[malt3](https://github.com/malt3)] -- Update Syft to v0.59.0 (#371) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## Changes in v0.13.0 + +- Allow type "file:..." to enable creation of SBOMs from tar and other package formats (#357) [[malt3](https://github.com/malt3)] +- Update Syft to v0.59.0 (#371) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - Update dependencies and node version (#372) [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/sbom-action/v0.13.1.md b/content/docs/releases/sbom-action/v0.13.1.md index 06591021..f777a8e6 100644 --- a/content/docs/releases/sbom-action/v0.13.1.md +++ b/content/docs/releases/sbom-action/v0.13.1.md @@ -11,7 +11,7 @@ description = "Release notes for sbom-action v0.13.1" Version [v0.13.1](https://github.com/anchore/sbom-action/releases/tag/v0.13.1) -## Changes in v0.13.1 - -- File input not being passed properly to Syft invocation (#385) [[kzantow](https://github.com/kzantow)] +## Changes in v0.13.1 + +- File input not being passed properly to Syft invocation (#385) [[kzantow](https://github.com/kzantow)] - Update Syft to v0.60.3 (#386) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.13.2.md b/content/docs/releases/sbom-action/v0.13.2.md index 369cc0df..d647b6d9 100644 --- a/content/docs/releases/sbom-action/v0.13.2.md +++ b/content/docs/releases/sbom-action/v0.13.2.md 
@@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.13.2" Version [v0.13.2](https://github.com/anchore/sbom-action/releases/tag/v0.13.2) -## Changes in v0.13.2 - +## Changes in v0.13.2 + - Update Syft to v0.68.0 (#387) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.13.3.md b/content/docs/releases/sbom-action/v0.13.3.md index 1ee8c060..a03591aa 100644 --- a/content/docs/releases/sbom-action/v0.13.3.md +++ b/content/docs/releases/sbom-action/v0.13.3.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.13.3" Version [v0.13.3](https://github.com/anchore/sbom-action/releases/tag/v0.13.3) -## Changes in v0.13.3 - +## Changes in v0.13.3 + - Update Syft to v0.68.1 (#391) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.13.4.md b/content/docs/releases/sbom-action/v0.13.4.md index daad837e..02218a87 100644 --- a/content/docs/releases/sbom-action/v0.13.4.md +++ b/content/docs/releases/sbom-action/v0.13.4.md @@ -11,8 +11,8 @@ description = "Release notes for sbom-action v0.13.4" Version [v0.13.4](https://github.com/anchore/sbom-action/releases/tag/v0.13.4) -## Changes in v0.13.4 - -- Added support of workflow artifact's retention policy (#398) [[ViacheslavKudinov](https://github.com/ViacheslavKudinov)] -- Use the correct SHA for dependency snapshots from pull requests (#401) [[juxtin](https://github.com/juxtin)] +## Changes in v0.13.4 + +- Added support of workflow artifact's retention policy (#398) [[ViacheslavKudinov](https://github.com/ViacheslavKudinov)] +- Use the correct SHA for dependency snapshots from pull requests (#401) [[juxtin](https://github.com/juxtin)] - Update Syft to v0.75.0 (#394) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] 
diff --git a/content/docs/releases/sbom-action/v0.14.1.md b/content/docs/releases/sbom-action/v0.14.1.md index 75ccc30c..54b88160 100644 --- a/content/docs/releases/sbom-action/v0.14.1.md +++ b/content/docs/releases/sbom-action/v0.14.1.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.14.1" Version [v0.14.1](https://github.com/anchore/sbom-action/releases/tag/v0.14.1) -## Changes in v0.14.1 - +## Changes in v0.14.1 + - chore(deps): update Syft to v0.76.0 (#403) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.14.2.md b/content/docs/releases/sbom-action/v0.14.2.md index edea4bd4..3ef5b4fe 100644 --- a/content/docs/releases/sbom-action/v0.14.2.md +++ b/content/docs/releases/sbom-action/v0.14.2.md @@ -11,8 +11,8 @@ description = "Release notes for sbom-action v0.14.2" Version [v0.14.2](https://github.com/anchore/sbom-action/releases/tag/v0.14.2) -## Changes in v0.14.2 - -- Update Syft to v0.80.0 (#415) -- Make sure all invalid artifact name characters are replaced #396 (#417) [[lts-po](https://github.com/lts-po)] +## Changes in v0.14.2 + +- Update Syft to v0.80.0 (#415) +- Make sure all invalid artifact name characters are replaced #396 (#417) [[lts-po](https://github.com/lts-po)] - Ensure SBOM is copied to `output-file` (#411) [[gszr](https://github.com/gszr)] diff --git a/content/docs/releases/sbom-action/v0.14.3.md b/content/docs/releases/sbom-action/v0.14.3.md index 4eb7e9ea..c9430c6d 100644 --- a/content/docs/releases/sbom-action/v0.14.3.md +++ b/content/docs/releases/sbom-action/v0.14.3.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.14.3" Version [v0.14.3](https://github.com/anchore/sbom-action/releases/tag/v0.14.3) -## Changes in v0.14.3 - +## Changes in v0.14.3 + - update Syft to v0.84.0 (#418) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] 
diff --git a/content/docs/releases/sbom-action/v0.15.0.md b/content/docs/releases/sbom-action/v0.15.0.md index f5281c43..d427c020 100644 --- a/content/docs/releases/sbom-action/v0.15.0.md +++ b/content/docs/releases/sbom-action/v0.15.0.md @@ -11,14 +11,14 @@ description = "Release notes for sbom-action v0.15.0" Version [v0.15.0](https://github.com/anchore/sbom-action/releases/tag/v0.15.0) -## Changes in v0.14.4 - -## Breaking Changes - -- Previously, running on Windows required WSL. Now, running on Windows expects to be run on native windows (#426) [[willmurphyscode](https://github.com/willmurphyscode)]. - -## Other Changes - -- pin and upgrade actions/checkout (#428) [[willmurphyscode](https://github.com/willmurphyscode)] -- chore(deps): update Syft to v0.97.1 (#427) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## Changes in v0.14.4 + +## Breaking Changes + +- Previously, running on Windows required WSL. Now, running on Windows expects to be run on native windows (#426) [[willmurphyscode](https://github.com/willmurphyscode)]. + +## Other Changes + +- pin and upgrade actions/checkout (#428) [[willmurphyscode](https://github.com/willmurphyscode)] +- chore(deps): update Syft to v0.97.1 (#427) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - add oss community board auto-add workflow (#421) [[wagoodman](https://github.com/wagoodman)] diff --git a/content/docs/releases/sbom-action/v0.15.1.md b/content/docs/releases/sbom-action/v0.15.1.md index dfa651a7..d827a203 100644 --- a/content/docs/releases/sbom-action/v0.15.1.md +++ b/content/docs/releases/sbom-action/v0.15.1.md 
@@ -11,8 +11,8 @@ description = "Release notes for sbom-action v0.15.1" Version [v0.15.1](https://github.com/anchore/sbom-action/releases/tag/v0.15.1) -## Changes in v0.15.1 - -- chore(deps): update Syft to v0.98.0 (#431) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- Add config input (#430) [[eyakubovich](https://github.com/eyakubovich)] +## Changes in v0.15.1 + +- chore(deps): update Syft to v0.98.0 (#431) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- Add config input (#430) [[eyakubovich](https://github.com/eyakubovich)] - chore: pin and upgrade gh actions (#429) [[willmurphyscode](https://github.com/willmurphyscode)] diff --git a/content/docs/releases/sbom-action/v0.15.10.md b/content/docs/releases/sbom-action/v0.15.10.md index 9459b0e9..8970b267 100644 --- a/content/docs/releases/sbom-action/v0.15.10.md +++ b/content/docs/releases/sbom-action/v0.15.10.md @@ -11,7 +11,7 @@ description = "Release notes for sbom-action v0.15.10" Version [v0.15.10](https://github.com/anchore/sbom-action/releases/tag/v0.15.10) -## Changes in v0.15.10 - -- Update Syft to v1.1.0 (#454) +## Changes in v0.15.10 + +- Update Syft to v1.1.0 (#454) - Bump Node to v20 on download-syft/publish-sbom actions (#448) [[ViacheslavKudinov](https://github.com/ViacheslavKudinov)] diff --git a/content/docs/releases/sbom-action/v0.15.11.md b/content/docs/releases/sbom-action/v0.15.11.md index 244b3eb5..1a234400 100644 --- a/content/docs/releases/sbom-action/v0.15.11.md +++ b/content/docs/releases/sbom-action/v0.15.11.md 
@@ -11,8 +11,8 @@ description = "Release notes for sbom-action v0.15.11" Version [v0.15.11](https://github.com/anchore/sbom-action/releases/tag/v0.15.11) -## Changes in v0.15.11 - -- chore(deps): update Syft to v1.3.0 (#456) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- chore: remove outdated snapshot workflow (#457) [[spiffcs](https://github.com/spiffcs)] +## Changes in v0.15.11 + +- chore(deps): update Syft to v1.3.0 (#456) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- chore: remove outdated snapshot workflow (#457) [[spiffcs](https://github.com/spiffcs)] - fix: don't pass in a separate env. This makes it impossible to pass env vars via the action context to syft. (#455) [[iNoahNothing](https://github.com/iNoahNothing)] diff --git a/content/docs/releases/sbom-action/v0.15.2.md b/content/docs/releases/sbom-action/v0.15.2.md index cb647413..718ece4f 100644 --- a/content/docs/releases/sbom-action/v0.15.2.md +++ b/content/docs/releases/sbom-action/v0.15.2.md @@ -11,7 +11,7 @@ description = "Release notes for sbom-action v0.15.2" Version [v0.15.2](https://github.com/anchore/sbom-action/releases/tag/v0.15.2) -## Changes in v0.15.2 - -- chore(deps): update Syft to v0.99.0 (#432) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## Changes in v0.15.2 + +- chore(deps): update Syft to v0.99.0 (#432) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - chore: fix github-script invocation in update-snapshots workflow (#433) [[willmurphyscode](https://github.com/willmurphyscode)] diff --git a/content/docs/releases/sbom-action/v0.15.3.md b/content/docs/releases/sbom-action/v0.15.3.md index c8d00d3e..c4ef43d6 100644 --- a/content/docs/releases/sbom-action/v0.15.3.md +++ b/content/docs/releases/sbom-action/v0.15.3.md 
@@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.15.3" Version [v0.15.3](https://github.com/anchore/sbom-action/releases/tag/v0.15.3) -## Changes in v0.15.3 - +## Changes in v0.15.3 + - chore(deps): update Syft to v0.100.0 (#435) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.15.4.md b/content/docs/releases/sbom-action/v0.15.4.md index 838daf3b..8263d99c 100644 --- a/content/docs/releases/sbom-action/v0.15.4.md +++ b/content/docs/releases/sbom-action/v0.15.4.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.15.4" Version [v0.15.4](https://github.com/anchore/sbom-action/releases/tag/v0.15.4) -## Changes in v0.15.4 - +## Changes in v0.15.4 + - chore(deps): update Syft to v0.101.0 (#436) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.15.5.md b/content/docs/releases/sbom-action/v0.15.5.md index 607ec49a..c3d63a4b 100644 --- a/content/docs/releases/sbom-action/v0.15.5.md +++ b/content/docs/releases/sbom-action/v0.15.5.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.15.5" Version [v0.15.5](https://github.com/anchore/sbom-action/releases/tag/v0.15.5) -## Changes in v0.15.5 - +## Changes in v0.15.5 + - chore(deps): update Syft to v0.101.1 (#437) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.15.6.md b/content/docs/releases/sbom-action/v0.15.6.md index e9b3e464..db9559fb 100644 --- a/content/docs/releases/sbom-action/v0.15.6.md +++ b/content/docs/releases/sbom-action/v0.15.6.md 
@@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.15.6" Version [v0.15.6](https://github.com/anchore/sbom-action/releases/tag/v0.15.6) -## Changes in v0.15.6 - +## Changes in v0.15.6 + - chore(deps): update Syft to v0.102.0 (#438) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.15.7.md b/content/docs/releases/sbom-action/v0.15.7.md index 0d43af2b..0cb63d22 100644 --- a/content/docs/releases/sbom-action/v0.15.7.md +++ b/content/docs/releases/sbom-action/v0.15.7.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.15.7" Version [v0.15.7](https://github.com/anchore/sbom-action/releases/tag/v0.15.7) -## Changes in v0.15.7 - +## Changes in v0.15.7 + - chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x (#440) [[spiffcs](https://github.com/spiffcs)] diff --git a/content/docs/releases/sbom-action/v0.15.8.md b/content/docs/releases/sbom-action/v0.15.8.md index c32d5ec8..65699ab6 100644 --- a/content/docs/releases/sbom-action/v0.15.8.md +++ b/content/docs/releases/sbom-action/v0.15.8.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.15.8" Version [v0.15.8](https://github.com/anchore/sbom-action/releases/tag/v0.15.8) -## Changes in v0.15.8 - +## Changes in v0.15.8 + - Update Syft to v0.103.1 (#441) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.15.9.md b/content/docs/releases/sbom-action/v0.15.9.md index 75743ca3..fbf1a9e5 100644 --- a/content/docs/releases/sbom-action/v0.15.9.md +++ b/content/docs/releases/sbom-action/v0.15.9.md 
@@ -11,7 +11,7 @@ description = "Release notes for sbom-action v0.15.9" Version [v0.15.9](https://github.com/anchore/sbom-action/releases/tag/v0.15.9) -## Changes in v0.15.9 - -- reduce syft debug level (#446) [[kzantow](https://github.com/kzantow)] +## Changes in v0.15.9 + +- reduce syft debug level (#446) [[kzantow](https://github.com/kzantow)] - update Syft to v0.105.0 (#442) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.16.0.md b/content/docs/releases/sbom-action/v0.16.0.md index 45fa4ad0..3508b14a 100644 --- a/content/docs/releases/sbom-action/v0.16.0.md +++ b/content/docs/releases/sbom-action/v0.16.0.md @@ -11,9 +11,9 @@ description = "Release notes for sbom-action v0.16.0" Version [v0.16.0](https://github.com/anchore/sbom-action/releases/tag/v0.16.0) -## Changes in v0.16.0 - -- Update Syft to v1.4.1 (#465) -- Update GitHub artifact client (#463) [[kzantow](https://github.com/kzantow)] - +## Changes in v0.16.0 + +- Update Syft to v1.4.1 (#465) +- Update GitHub artifact client (#463) [[kzantow](https://github.com/kzantow)] + NOTE: if you are using this action within a _matrix build_ and see failures attempting to upload artifacts with duplicate names, you will need to set the `artifact-name` to be unique based on the matrix properties ([an example here](https://github.com/anchore/sbom-action/blob/main/.github/workflows/test.yml#L36)). This is due to a change to use a newer GitHub API which no longer allows artifacts with duplicate names. diff --git a/content/docs/releases/sbom-action/v0.16.1.md b/content/docs/releases/sbom-action/v0.16.1.md index 5b1f6d50..4508168f 100644 --- a/content/docs/releases/sbom-action/v0.16.1.md +++ b/content/docs/releases/sbom-action/v0.16.1.md 
@@ -11,10 +11,10 @@ description = "Release notes for sbom-action v0.16.1" Version [v0.16.1](https://github.com/anchore/sbom-action/releases/tag/v0.16.1) -## Changes in v0.16.1 - -- fix: workaround windows install issue (#477) [[willmurphyscode](https://github.com/willmurphyscode)] -- fix: allow users to properly use the file input over the default path value (#471) [[komish](https://github.com/komish)] -- chore(deps): update Syft to v1.5.0 (#470) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- docs: notes for matrix and required permissions (#469) [[kzantow](https://github.com/kzantow)] +## Changes in v0.16.1 + +- fix: workaround windows install issue (#477) [[willmurphyscode](https://github.com/willmurphyscode)] +- fix: allow users to properly use the file input over the default path value (#471) [[komish](https://github.com/komish)] +- chore(deps): update Syft to v1.5.0 (#470) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- docs: notes for matrix and required permissions (#469) [[kzantow](https://github.com/kzantow)] - chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#466) [[dependabot](https://github.com/dependabot)] diff --git a/content/docs/releases/sbom-action/v0.17.0.md b/content/docs/releases/sbom-action/v0.17.0.md index b438f149..f6e5b74a 100644 --- a/content/docs/releases/sbom-action/v0.17.0.md +++ b/content/docs/releases/sbom-action/v0.17.0.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.17.0" Version [v0.17.0](https://github.com/anchore/sbom-action/releases/tag/v0.17.0) -## Changes in v0.17.0 - +## Changes in v0.17.0 + - chore(deps): update Syft to v1.9.0 (#479) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.17.1.md b/content/docs/releases/sbom-action/v0.17.1.md index 6d4907be..d6c2679f 100644 --- a/content/docs/releases/sbom-action/v0.17.1.md 
+++ b/content/docs/releases/sbom-action/v0.17.1.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.17.1" Version [v0.17.1](https://github.com/anchore/sbom-action/releases/tag/v0.17.1) -## Changes in v0.17.1 - +## Changes in v0.17.1 + - chore(deps): update Syft to v1.11.0 (#483) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.17.2.md b/content/docs/releases/sbom-action/v0.17.2.md index 77858766..fb850d41 100644 --- a/content/docs/releases/sbom-action/v0.17.2.md +++ b/content/docs/releases/sbom-action/v0.17.2.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.17.2" Version [v0.17.2](https://github.com/anchore/sbom-action/releases/tag/v0.17.2) -## Changes in v0.17.2 - +## Changes in v0.17.2 + - Update Syft to v1.11.1 (#485) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.17.3.md b/content/docs/releases/sbom-action/v0.17.3.md index e4e56269..83251ccc 100644 --- a/content/docs/releases/sbom-action/v0.17.3.md +++ b/content/docs/releases/sbom-action/v0.17.3.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.17.3" Version [v0.17.3](https://github.com/anchore/sbom-action/releases/tag/v0.17.3) -## Changes in v0.17.3 - +## Changes in v0.17.3 + - chore(deps): update Syft to v1.14.0 (#498) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.17.4.md b/content/docs/releases/sbom-action/v0.17.4.md index 190791a0..db94e923 100644 --- a/content/docs/releases/sbom-action/v0.17.4.md +++ b/content/docs/releases/sbom-action/v0.17.4.md 
@@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.17.4" Version [v0.17.4](https://github.com/anchore/sbom-action/releases/tag/v0.17.4) -## Changes in v0.17.4 - +## Changes in v0.17.4 + - chore(deps): update Syft to v1.14.1 (#502) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.17.5.md b/content/docs/releases/sbom-action/v0.17.5.md index 0a472f3b..1776c71a 100644 --- a/content/docs/releases/sbom-action/v0.17.5.md +++ b/content/docs/releases/sbom-action/v0.17.5.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.17.5" Version [v0.17.5](https://github.com/anchore/sbom-action/releases/tag/v0.17.5) -## Changes in v0.17.5 - +## Changes in v0.17.5 + - chore(deps): update Syft to v1.14.2 (#503) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.17.6.md b/content/docs/releases/sbom-action/v0.17.6.md index 52403deb..40a28d96 100644 --- a/content/docs/releases/sbom-action/v0.17.6.md +++ b/content/docs/releases/sbom-action/v0.17.6.md @@ -11,7 +11,7 @@ description = "Release notes for sbom-action v0.17.6" Version [v0.17.6](https://github.com/anchore/sbom-action/releases/tag/v0.17.6) -## Changes in v0.17.6 - -- chore(deps): update Syft to v1.15.0 (#505) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## Changes in v0.17.6 + +- chore(deps): update Syft to v1.15.0 (#505) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#504) [[dependabot](https://github.com/dependabot)] diff --git a/content/docs/releases/sbom-action/v0.17.7.md b/content/docs/releases/sbom-action/v0.17.7.md index 81b9d0c3..73209d3f 100644 --- a/content/docs/releases/sbom-action/v0.17.7.md +++ b/content/docs/releases/sbom-action/v0.17.7.md 
@@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.17.7" Version [v0.17.7](https://github.com/anchore/sbom-action/releases/tag/v0.17.7) -## Changes in v0.17.7 - +## Changes in v0.17.7 + - chore(deps): update Syft to v1.16.0 (#506) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.17.8.md b/content/docs/releases/sbom-action/v0.17.8.md index bfdf0e7a..6f2b5f2c 100644 --- a/content/docs/releases/sbom-action/v0.17.8.md +++ b/content/docs/releases/sbom-action/v0.17.8.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.17.8" Version [v0.17.8](https://github.com/anchore/sbom-action/releases/tag/v0.17.8) -## Changes in v0.17.8 - +## Changes in v0.17.8 + - chore(deps): update Syft to v1.17.0 (#507) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.17.9.md b/content/docs/releases/sbom-action/v0.17.9.md index 13d498ae..43a91476 100644 --- a/content/docs/releases/sbom-action/v0.17.9.md +++ b/content/docs/releases/sbom-action/v0.17.9.md @@ -11,7 +11,7 @@ description = "Release notes for sbom-action v0.17.9" Version [v0.17.9](https://github.com/anchore/sbom-action/releases/tag/v0.17.9) -## Changes in v0.17.9 - -- chore(deps): update Syft to v1.18.1 (#510) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## Changes in v0.17.9 + +- chore(deps): update Syft to v1.18.1 (#510) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - chore(deps): update Syft to v1.18.0 (#509) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/sbom-action/v0.18.0.md b/content/docs/releases/sbom-action/v0.18.0.md index e6907987..69cac077 100644 --- a/content/docs/releases/sbom-action/v0.18.0.md +++ b/content/docs/releases/sbom-action/v0.18.0.md 
@@ -11,7 +11,7 @@ description = "Release notes for sbom-action v0.18.0" Version [v0.18.0](https://github.com/anchore/sbom-action/releases/tag/v0.18.0) -## Changes in v0.18.0 - -- chore(deps): update Syft to v1.19.0 (#513) - - [See Syft changelog for latest changes](https://github.com/anchore/syft/releases/tag/v1.19.0) +## Changes in v0.18.0 + +- chore(deps): update Syft to v1.19.0 (#513) + - [See Syft changelog for latest changes](https://github.com/anchore/syft/releases/tag/v1.19.0) diff --git a/content/docs/releases/sbom-action/v0.19.0.md b/content/docs/releases/sbom-action/v0.19.0.md index 3a518de4..3fa2ca06 100644 --- a/content/docs/releases/sbom-action/v0.19.0.md +++ b/content/docs/releases/sbom-action/v0.19.0.md @@ -11,8 +11,8 @@ description = "Release notes for sbom-action v0.19.0" Version [v0.19.0](https://github.com/anchore/sbom-action/releases/tag/v0.19.0) -## Changes in v0.19.0 - -- chore(deps): update Syft to v1.23.0 (#521) -- chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.8 (#519) +## Changes in v0.19.0 + +- chore(deps): update Syft to v1.23.0 (#521) +- chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.8 (#519) - chore(deps): bump cross-spawn (#514) diff --git a/content/docs/releases/sbom-action/v0.2.0.md b/content/docs/releases/sbom-action/v0.2.0.md index c4c00051..a32e5f06 100644 --- a/content/docs/releases/sbom-action/v0.2.0.md +++ b/content/docs/releases/sbom-action/v0.2.0.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.2.0" Version [v0.2.0](https://github.com/anchore/sbom-action/releases/tag/v0.2.0) -## Changes in v0.2.0 - +## Changes in v0.2.0 + - Update Syft to 0.25.0 (#95) diff --git a/content/docs/releases/sbom-action/v0.20.0.md b/content/docs/releases/sbom-action/v0.20.0.md index 44bcd352..7d30b0f3 100644 --- a/content/docs/releases/sbom-action/v0.20.0.md +++ b/content/docs/releases/sbom-action/v0.20.0.md 
@@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.20.0" Version [v0.20.0](https://github.com/anchore/sbom-action/releases/tag/v0.20.0) -## Changes in v0.20.0 - +## Changes in v0.20.0 + - chore(deps): update Syft to v1.24.0 (#522) diff --git a/content/docs/releases/sbom-action/v0.20.1.md b/content/docs/releases/sbom-action/v0.20.1.md index 0ae520ec..9c09de60 100644 --- a/content/docs/releases/sbom-action/v0.20.1.md +++ b/content/docs/releases/sbom-action/v0.20.1.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.20.1" Version [v0.20.1](https://github.com/anchore/sbom-action/releases/tag/v0.20.1) -## Changes in v0.20.1 - +## Changes in v0.20.1 + - Update Syft to v1.27.1 (#525) diff --git a/content/docs/releases/sbom-action/v0.20.2.md b/content/docs/releases/sbom-action/v0.20.2.md index b4e10a77..95d4073b 100644 --- a/content/docs/releases/sbom-action/v0.20.2.md +++ b/content/docs/releases/sbom-action/v0.20.2.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.20.2" Version [v0.20.2](https://github.com/anchore/sbom-action/releases/tag/v0.20.2) -## Changes in v0.20.2 - +## Changes in v0.20.2 + - Update Syft to v1.28.0 (#526) diff --git a/content/docs/releases/sbom-action/v0.20.3.md b/content/docs/releases/sbom-action/v0.20.3.md index a00251d4..b38cd7af 100644 --- a/content/docs/releases/sbom-action/v0.20.3.md +++ b/content/docs/releases/sbom-action/v0.20.3.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.20.3" Version [v0.20.3](https://github.com/anchore/sbom-action/releases/tag/v0.20.3) -## Changes in v0.20.3 - +## Changes in v0.20.3 + - Fix: Strip emojis from correlator before using github APIs (#527) [[AndrewHendry](https://github.com/AndrewHendry)] diff --git a/content/docs/releases/sbom-action/v0.20.4.md b/content/docs/releases/sbom-action/v0.20.4.md index 44942cfb..17ac97e1 100644 --- a/content/docs/releases/sbom-action/v0.20.4.md +++ b/content/docs/releases/sbom-action/v0.20.4.md 
@@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.20.4" Version [v0.20.4](https://github.com/anchore/sbom-action/releases/tag/v0.20.4) -## Changes in v0.20.4 - +## Changes in v0.20.4 + - chore: update Syft to v1.29.0 (#529) diff --git a/content/docs/releases/sbom-action/v0.20.5.md b/content/docs/releases/sbom-action/v0.20.5.md index b18803f2..b8ad44db 100644 --- a/content/docs/releases/sbom-action/v0.20.5.md +++ b/content/docs/releases/sbom-action/v0.20.5.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.20.5" Version [v0.20.5](https://github.com/anchore/sbom-action/releases/tag/v0.20.5) -## Changes in v0.20.5 - +## Changes in v0.20.5 + - Update Syft to v1.31.0 (#531) diff --git a/content/docs/releases/sbom-action/v0.3.0.md b/content/docs/releases/sbom-action/v0.3.0.md index feb950ea..c902bdea 100644 --- a/content/docs/releases/sbom-action/v0.3.0.md +++ b/content/docs/releases/sbom-action/v0.3.0.md @@ -11,8 +11,8 @@ description = "Release notes for sbom-action v0.3.0" Version [v0.3.0](https://github.com/anchore/sbom-action/releases/tag/v0.3.0) -## Changes in v0.3.0 - -## 🚀 Features - +## Changes in v0.3.0 + +## 🚀 Features + - Add support for running on Windows via WSL (#97) diff --git a/content/docs/releases/sbom-action/v0.4.0.md b/content/docs/releases/sbom-action/v0.4.0.md index 95411191..4090cea2 100644 --- a/content/docs/releases/sbom-action/v0.4.0.md +++ b/content/docs/releases/sbom-action/v0.4.0.md 
@@ -11,12 +11,12 @@ description = "Release notes for sbom-action v0.4.0" Version [v0.4.0](https://github.com/anchore/sbom-action/releases/tag/v0.4.0) -## Changes in v0.4.0 - -- Update Syft version to 0.26.0 (#111) -- Update [@actions](https://github.com/actions)/core (#101) -- Bump [@types](https://github.com/types)/node from 16.10.2 to 16.10.3 (#92) -- Bump eslint-plugin-jest from 24.5.2 to 25.0.1 (#100) -- Bump jest from 27.2.4 to 27.2.5 (#96) -- Bump [@octokit](https://github.com/octokit)/webhooks-types from 4.8.2 to 4.12.0 (#98) +## Changes in v0.4.0 + +- Update Syft version to 0.26.0 (#111) +- Update [@actions](https://github.com/actions)/core (#101) +- Bump [@types](https://github.com/types)/node from 16.10.2 to 16.10.3 (#92) +- Bump eslint-plugin-jest from 24.5.2 to 25.0.1 (#100) +- Bump jest from 27.2.4 to 27.2.5 (#96) +- Bump [@octokit](https://github.com/octokit)/webhooks-types from 4.8.2 to 4.12.0 (#98) - Bump [@octokit](https://github.com/octokit)/webhooks from 9.15.1 to 9.17.0 (#99) diff --git a/content/docs/releases/sbom-action/v0.5.0.md b/content/docs/releases/sbom-action/v0.5.0.md index 3bfea2dd..c3b023b0 100644 --- a/content/docs/releases/sbom-action/v0.5.0.md +++ b/content/docs/releases/sbom-action/v0.5.0.md @@ -11,7 +11,7 @@ description = "Release notes for sbom-action v0.5.0" Version [v0.5.0](https://github.com/anchore/sbom-action/releases/tag/v0.5.0) -## Changes in v0.5.0 - -- Bump Syft to 0.32.0 (#158) +## Changes in v0.5.0 + +- Bump Syft to 0.32.0 (#158) - Bump multiple NPM dependencies diff --git a/content/docs/releases/sbom-action/v0.6.0.md b/content/docs/releases/sbom-action/v0.6.0.md index ab4aa8d7..6ac3b2cd 100644 --- a/content/docs/releases/sbom-action/v0.6.0.md +++ b/content/docs/releases/sbom-action/v0.6.0.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.6.0" Version [v0.6.0](https://github.com/anchore/sbom-action/releases/tag/v0.6.0) -## Changes in v0.6.0 - +## Changes in v0.6.0 + - Bump Syft to 0.33.0 (#163) 
diff --git a/content/docs/releases/sbom-action/v0.7.0.md b/content/docs/releases/sbom-action/v0.7.0.md index e64bc4f8..d30553bc 100644 --- a/content/docs/releases/sbom-action/v0.7.0.md +++ b/content/docs/releases/sbom-action/v0.7.0.md @@ -11,6 +11,6 @@ description = "Release notes for sbom-action v0.7.0" Version [v0.7.0](https://github.com/anchore/sbom-action/releases/tag/v0.7.0) -## Changes in v0.7.0 - +## Changes in v0.7.0 + - Bump Syft to 0.40.1 (#206) diff --git a/content/docs/releases/sbom-action/v0.8.0.md b/content/docs/releases/sbom-action/v0.8.0.md index 506177bf..1e2d3a74 100644 --- a/content/docs/releases/sbom-action/v0.8.0.md +++ b/content/docs/releases/sbom-action/v0.8.0.md @@ -11,7 +11,7 @@ description = "Release notes for sbom-action v0.8.0" Version [v0.8.0](https://github.com/anchore/sbom-action/releases/tag/v0.8.0) -## Changes in v0.8.0 - -- Specify the Syft version to use (#126) +## Changes in v0.8.0 + +- Specify the Syft version to use (#126) - Add support for GitHub dependency snapshot API (#201) diff --git a/content/docs/releases/sbom-action/v0.9.0.md b/content/docs/releases/sbom-action/v0.9.0.md index 06e14c58..5899d8fc 100644 --- a/content/docs/releases/sbom-action/v0.9.0.md +++ b/content/docs/releases/sbom-action/v0.9.0.md @@ -11,10 +11,10 @@ description = "Release notes for sbom-action v0.9.0" Version [v0.9.0](https://github.com/anchore/sbom-action/releases/tag/v0.9.0) -## Changes in v0.9.0 - -- Add syft-version input to download-syft action (#228) - -## 🐛 Bug Fixes - +## Changes in v0.9.0 + +- Add syft-version input to download-syft action (#228) + +## 🐛 Bug Fixes + - Don't use JSON.stringify for logging purposes (#236) diff --git a/content/docs/releases/scan-action/_index.md b/content/docs/releases/scan-action/_index.md index 203b42a2..5b9a9473 100644 --- a/content/docs/releases/scan-action/_index.md +++ b/content/docs/releases/scan-action/_index.md 
@@ -1,7 +1,7 @@ +++ tags = ['scan-action'] categories = ['release'] -title = "Scan-action Release Notes" +title = "Scan-action Release Notes" linkTitle = "Scan-action" url = "docs/releases/scan-action" description = "Anchore Scan-action Release Notes" diff --git a/content/docs/releases/scan-action/v1.0.3.md b/content/docs/releases/scan-action/v1.0.3.md index c2023aa7..352d6a14 100644 --- a/content/docs/releases/scan-action/v1.0.3.md +++ b/content/docs/releases/scan-action/v1.0.3.md @@ -10,5 +10,3 @@ description = "Release notes for scan-action v1.0.3" ## Release Notes Version [v1.0.3](https://github.com/anchore/scan-action/releases/tag/v1.0.3) - - diff --git a/content/docs/releases/scan-action/v1.0.4.md b/content/docs/releases/scan-action/v1.0.4.md index 6e437018..f26a28e4 100644 --- a/content/docs/releases/scan-action/v1.0.4.md +++ b/content/docs/releases/scan-action/v1.0.4.md @@ -10,5 +10,3 @@ description = "Release notes for scan-action v1.0.4" ## Release Notes Version [v1.0.4](https://github.com/anchore/scan-action/releases/tag/v1.0.4) - - diff --git a/content/docs/releases/scan-action/v2.0.0.md b/content/docs/releases/scan-action/v2.0.0.md index adc5744f..047a0b40 100644 --- a/content/docs/releases/scan-action/v2.0.0.md +++ b/content/docs/releases/scan-action/v2.0.0.md 
@@ -11,19 +11,19 @@ description = "Release notes for scan-action v2.0.0" Version [v2.0.0](https://github.com/anchore/scan-action/releases/tag/v2.0.0) -New major version of scan action based on new [Grype](https://github.com/anchore/grype) tool from Anchore that is much faster for scanning compared to v1.x and adds some new capabilities and more metadata about the matches. - -* Significantly faster performance for scans -* New vulnerabilities output format is the JSON output from Grype directly -* Adds support for scanning directories as well as Docker containers, so you can do the same checks pre-and post-build of the container. -* Supports Automatic Code Scanning/SARIF for exposing results via your repository's _Security_ tab. - -This is a breaking change from v1.x, as indicated by the major version revision: - -1. Use `image` input parameter Instead of `image-reference` -2. `dockerfile-path` is no longer supported and not necessary for the vulnerability scans -3. `custom-policy-path` is no longer supported -4. `include-app-packages` is no longer necessary or supported. Application packages are on by default and will receive vulnerability matches. -5. Outputs: - 1. `billofmaterials` is no longer output. V2 is focused on vulnerability scanning and another action may be introduced for BoM support with its own options/config. +New major version of scan action based on new [Grype](https://github.com/anchore/grype) tool from Anchore that is much faster for scanning compared to v1.x and adds some new capabilities and more metadata about the matches. + +- Significantly faster performance for scans +- New vulnerabilities output format is the JSON output from Grype directly +- Adds support for scanning directories as well as Docker containers, so you can do the same checks pre-and post-build of the container. +- Supports Automatic Code Scanning/SARIF for exposing results via your repository's _Security_ tab. 
+ +This is a breaking change from v1.x, as indicated by the major version revision: + +1. Use `image` input parameter Instead of `image-reference` +2. `dockerfile-path` is no longer supported and not necessary for the vulnerability scans +3. `custom-policy-path` is no longer supported +4. `include-app-packages` is no longer necessary or supported. Application packages are on by default and will receive vulnerability matches. +5. Outputs: + 1. `billofmaterials` is no longer output. V2 is focused on vulnerability scanning and another action may be introduced for BoM support with its own options/config. 2. `policycheck` is no longer output diff --git a/content/docs/releases/scan-action/v2.0.1.md b/content/docs/releases/scan-action/v2.0.1.md index f7c69636..e588b987 100644 --- a/content/docs/releases/scan-action/v2.0.1.md +++ b/content/docs/releases/scan-action/v2.0.1.md @@ -11,10 +11,10 @@ description = "Release notes for scan-action v2.0.1" Version [v2.0.1](https://github.com/anchore/scan-action/releases/tag/v2.0.1) -Minor bug-fix release. - -Fixes: - -* Removes unnecessary constraint in deduplication for SARIF reporting -* Allows defining and referencing the location of the SARIF report file -* Fixes multiple instances where undefined items in the reporting would break scanning +Minor bug-fix release. + +Fixes: + +- Removes unnecessary constraint in deduplication for SARIF reporting +- Allows defining and referencing the location of the SARIF report file +- Fixes multiple instances where undefined items in the reporting would break scanning diff --git a/content/docs/releases/scan-action/v2.0.2.md b/content/docs/releases/scan-action/v2.0.2.md index 9a870d4b..46e4998f 100644 --- a/content/docs/releases/scan-action/v2.0.2.md +++ b/content/docs/releases/scan-action/v2.0.2.md 
@@ -11,6 +11,6 @@ description = "Release notes for scan-action v2.0.2" Version [v2.0.2](https://github.com/anchore/scan-action/releases/tag/v2.0.2) -Minor bug-fix release: - -* Update `actions/core` to use version `1.2.6` [(Issue #71)](https://github.com/anchore/scan-action/issues/71) +Minor bug-fix release: + +- Update `actions/core` to use version `1.2.6` [(Issue #71)](https://github.com/anchore/scan-action/issues/71) diff --git a/content/docs/releases/scan-action/v2.0.4.md b/content/docs/releases/scan-action/v2.0.4.md index 51f0847b..e2417ea3 100644 --- a/content/docs/releases/scan-action/v2.0.4.md +++ b/content/docs/releases/scan-action/v2.0.4.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v2.0.4" Version [v2.0.4](https://github.com/anchore/scan-action/releases/tag/v2.0.4) -## New in scan-action v2.0.4 - +## New in scan-action v2.0.4 + - bump grype to 0.7.0 (#81) diff --git a/content/docs/releases/scan-action/v3.0.0.md b/content/docs/releases/scan-action/v3.0.0.md index a1729beb..034045bc 100644 --- a/content/docs/releases/scan-action/v3.0.0.md +++ b/content/docs/releases/scan-action/v3.0.0.md @@ -11,9 +11,9 @@ description = "Release notes for scan-action v3.0.0" Version [v3.0.0](https://github.com/anchore/scan-action/releases/tag/v3.0.0) -## New in scan-action v3.0.0 - -- Upgrade to Grype to 0.17.0 and add tests #102 (#112) (#118) -- Improve SARIF output #114 (#115) -- Change default behavior so action fails on medium (and higher) severities (#86) +## New in scan-action v3.0.0 + +- Upgrade to Grype to 0.17.0 and add tests #102 (#112) (#118) +- Improve SARIF output #114 (#115) +- Change default behavior so action fails on medium (and higher) severities (#86) - Respect verbosity from action to call Grype (#82) diff --git a/content/docs/releases/scan-action/v3.1.0.md b/content/docs/releases/scan-action/v3.1.0.md index 8471c706..fdd0d9d1 100644 --- a/content/docs/releases/scan-action/v3.1.0.md +++ b/content/docs/releases/scan-action/v3.1.0.md 
@@ -11,6 +11,6 @@ description = "Release notes for scan-action v3.1.0" Version [v3.1.0](https://github.com/anchore/scan-action/releases/tag/v3.1.0) -## New in scan-action v3.1.0 - +## New in scan-action v3.1.0 + - Update Grype to 0.22.0 - this includes the ability to ignore vulnerability matches (#121) diff --git a/content/docs/releases/scan-action/v3.2.0.md b/content/docs/releases/scan-action/v3.2.0.md index 7c573dd6..bf36bea7 100644 --- a/content/docs/releases/scan-action/v3.2.0.md +++ b/content/docs/releases/scan-action/v3.2.0.md @@ -11,9 +11,9 @@ description = "Release notes for scan-action v3.2.0" Version [v3.2.0](https://github.com/anchore/scan-action/releases/tag/v3.2.0) -## New in scan-action v3.2.0 - -- Update Grype to 0.27.3 (#136) -- Output Grype stderr to action logs (#137) -- Readme should point to CONTRIBUTING.md (#126) +## New in scan-action v3.2.0 + +- Update Grype to 0.27.3 (#136) +- Output Grype stderr to action logs (#137) +- Readme should point to CONTRIBUTING.md (#126) - Improve documentation (#125) diff --git a/content/docs/releases/scan-action/v3.2.1.md b/content/docs/releases/scan-action/v3.2.1.md index 61faad5d..0bd5e32e 100644 --- a/content/docs/releases/scan-action/v3.2.1.md +++ b/content/docs/releases/scan-action/v3.2.1.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v3.2.1" Version [v3.2.1](https://github.com/anchore/scan-action/releases/tag/v3.2.1) -## New in scan-action v3.2.1 - +## New in scan-action v3.2.1 + - Remove SARIF processing (#148) diff --git a/content/docs/releases/scan-action/v3.2.2.md b/content/docs/releases/scan-action/v3.2.2.md index 17a515f8..6a76419b 100644 --- a/content/docs/releases/scan-action/v3.2.2.md +++ b/content/docs/releases/scan-action/v3.2.2.md 
@@ -11,7 +11,7 @@ description = "Release notes for scan-action v3.2.2" Version [v3.2.2](https://github.com/anchore/scan-action/releases/tag/v3.2.2) -## New in scan-action v3.2.2 - -- Add sub-action to download Grype (#152) +## New in scan-action v3.2.2 + +- Add sub-action to download Grype (#152) - Update Grype to 0.34.4 to fix a nil pointer in SARIF generation (#151) diff --git a/content/docs/releases/scan-action/v3.2.3.md b/content/docs/releases/scan-action/v3.2.3.md index 77e4349b..f1791bcd 100644 --- a/content/docs/releases/scan-action/v3.2.3.md +++ b/content/docs/releases/scan-action/v3.2.3.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v3.2.3" Version [v3.2.3](https://github.com/anchore/scan-action/releases/tag/v3.2.3) -## New in scan-action v3.2.3 - +## New in scan-action v3.2.3 + - Support SBOM input for scanning (#154) [@harmw] diff --git a/content/docs/releases/scan-action/v3.2.4.md b/content/docs/releases/scan-action/v3.2.4.md index 98222426..d5baf879 100644 --- a/content/docs/releases/scan-action/v3.2.4.md +++ b/content/docs/releases/scan-action/v3.2.4.md @@ -11,7 +11,7 @@ description = "Release notes for scan-action v3.2.4" Version [v3.2.4](https://github.com/anchore/scan-action/releases/tag/v3.2.4) -## New in scan-action v3.2.4 - -- Update Grype to v0.34.7 (#163) +## New in scan-action v3.2.4 + +- Update Grype to v0.34.7 (#163) - More closely align parameters with sbom-action (#158) diff --git a/content/docs/releases/scan-action/v3.2.5.md b/content/docs/releases/scan-action/v3.2.5.md index dccca3ec..7fe5f947 100644 --- a/content/docs/releases/scan-action/v3.2.5.md +++ b/content/docs/releases/scan-action/v3.2.5.md 
@@ -11,7 +11,7 @@ description = "Release notes for scan-action v3.2.5" Version [v3.2.5](https://github.com/anchore/scan-action/releases/tag/v3.2.5) -## New in scan-action v3.2.5 - -- Update node versions to v16 from v12 (#176) [[spiffcs](https://github.com/spiffcs)] +## New in scan-action v3.2.5 + +- Update node versions to v16 from v12 (#176) [[spiffcs](https://github.com/spiffcs)] - Update Grype to v0.38.0 (#173) diff --git a/content/docs/releases/scan-action/v3.3.0.md b/content/docs/releases/scan-action/v3.3.0.md index a0d5e2c0..d99d30fd 100644 --- a/content/docs/releases/scan-action/v3.3.0.md +++ b/content/docs/releases/scan-action/v3.3.0.md @@ -11,8 +11,8 @@ description = "Release notes for scan-action v3.3.0" Version [v3.3.0](https://github.com/anchore/scan-action/releases/tag/v3.3.0) -## New in scan-action v3.3.0 - -- Add `output-format` and allow `json` to be used (#184,#187) [[GiliFaroEnv0](https://github.com/GiliFaroEnv0) + [maartenh](https://github.com/maartenh)] -- Add `table` option for `output-format` to show vulnerabilities in console (#135) [[ken-chou-finn](https://github.com/ken-chou-finn) + [kzantow](https://github.com/kzantow)] +## New in scan-action v3.3.0 + +- Add `output-format` and allow `json` to be used (#184,#187) [[GiliFaroEnv0](https://github.com/GiliFaroEnv0) + [maartenh](https://github.com/maartenh)] +- Add `table` option for `output-format` to show vulnerabilities in console (#135) [[ken-chou-finn](https://github.com/ken-chou-finn) + [kzantow](https://github.com/kzantow)] - Update Grype to v0.50.1 (#191) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/scan-action/v3.3.1.md b/content/docs/releases/scan-action/v3.3.1.md index 108a50a9..e0af67cf 100644 --- a/content/docs/releases/scan-action/v3.3.1.md +++ b/content/docs/releases/scan-action/v3.3.1.md 
@@ -11,6 +11,6 @@ description = "Release notes for scan-action v3.3.1" Version [v3.3.1](https://github.com/anchore/scan-action/releases/tag/v3.3.1) -## New in scan-action v3.3.1 - +## New in scan-action v3.3.1 + - Update Grype to v0.52.0 (#201) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/scan-action/v3.3.2.md b/content/docs/releases/scan-action/v3.3.2.md index 2d72aea0..30ca33ee 100644 --- a/content/docs/releases/scan-action/v3.3.2.md +++ b/content/docs/releases/scan-action/v3.3.2.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v3.3.2" Version [v3.3.2](https://github.com/anchore/scan-action/releases/tag/v3.3.2) -## New in scan-action v3.3.2 - +## New in scan-action v3.3.2 + - Include process environment into grype execution (#202) [[erhan-](https://github.com/erhan-) + [kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/scan-action/v3.3.3.md b/content/docs/releases/scan-action/v3.3.3.md index 037c4727..8375516b 100644 --- a/content/docs/releases/scan-action/v3.3.3.md +++ b/content/docs/releases/scan-action/v3.3.3.md @@ -11,7 +11,7 @@ description = "Release notes for scan-action v3.3.3" Version [v3.3.3](https://github.com/anchore/scan-action/releases/tag/v3.3.3) -## New in scan-action v3.3.3 - -- Add only-fixed option (#208) [[lucacome](https://github.com/lucacome)] +## New in scan-action v3.3.3 + +- Add only-fixed option (#208) [[lucacome](https://github.com/lucacome)] - Update Grype to v0.54.0 (#204) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/scan-action/v3.3.4.md b/content/docs/releases/scan-action/v3.3.4.md index 4b7ca906..92e69623 100644 --- a/content/docs/releases/scan-action/v3.3.4.md +++ b/content/docs/releases/scan-action/v3.3.4.md 
@@ -11,6 +11,6 @@ description = "Release notes for scan-action v3.3.4" Version [v3.3.4](https://github.com/anchore/scan-action/releases/tag/v3.3.4) -## New in scan-action v3.3.4 - +## New in scan-action v3.3.4 + - Update Grype to v0.56.0 (#205) diff --git a/content/docs/releases/scan-action/v3.3.5.md b/content/docs/releases/scan-action/v3.3.5.md index df75c374..13ec79f0 100644 --- a/content/docs/releases/scan-action/v3.3.5.md +++ b/content/docs/releases/scan-action/v3.3.5.md @@ -11,8 +11,8 @@ description = "Release notes for scan-action v3.3.5" Version [v3.3.5](https://github.com/anchore/scan-action/releases/tag/v3.3.5) -## New in scan-action v3.3.5 - -- Set json output (#222) [[kklopfenstein](https://github.com/kklopfenstein)] -- Update Grype to v0.60.0 (#221) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## New in scan-action v3.3.5 + +- Set json output (#222) [[kklopfenstein](https://github.com/kklopfenstein)] +- Update Grype to v0.60.0 (#221) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - Add input for --add-cpes-if-none flag (#219) [[sebhoss](https://github.com/sebhoss)] diff --git a/content/docs/releases/scan-action/v3.3.6.md b/content/docs/releases/scan-action/v3.3.6.md index 078e6fe2..ad06f08a 100644 --- a/content/docs/releases/scan-action/v3.3.6.md +++ b/content/docs/releases/scan-action/v3.3.6.md 
@@ -11,8 +11,8 @@ description = "Release notes for scan-action v3.3.6" Version [v3.3.6](https://github.com/anchore/scan-action/releases/tag/v3.3.6) -## New in scan-action v3.3.6 - -- chore(deps): update Grype to v0.63.0 (#225) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- chore: update grype update (#224) [[kzantow](https://github.com/kzantow)] +## New in scan-action v3.3.6 + +- chore(deps): update Grype to v0.63.0 (#225) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- chore: update grype update (#224) [[kzantow](https://github.com/kzantow)] - chore: update deprecated set-output call (#223) [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/scan-action/v3.3.7.md b/content/docs/releases/scan-action/v3.3.7.md index ec7eb572..a450d1f0 100644 --- a/content/docs/releases/scan-action/v3.3.7.md +++ b/content/docs/releases/scan-action/v3.3.7.md 
@@ -11,18 +11,18 @@ description = "Release notes for scan-action v3.3.7" Version [v3.3.7](https://github.com/anchore/scan-action/releases/tag/v3.3.7) -## New in scan-action v3.3.7 - -- chore: address test flakes (#249) [[willmurphyscode](https://github.com/willmurphyscode)] -- chore(deps): update Grype to v0.73.3 (#248) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- chore: add manual trigger to test workflow (#247) [[willmurphyscode](https://github.com/willmurphyscode)] -- fix: updated semver version (#241) [[gicappa](https://github.com/gicappa)] -- chore(docs): update docker related actions to avoid warnings in workflow (#240) [[kuzm1ch](https://github.com/kuzm1ch)] -- chore: add new exception for audit (#235) [[spiffcs](https://github.com/spiffcs)] -- chore(deps): update Grype to v0.63.1 (#233) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- Add by-cve option (#229) [[too-gee](https://github.com/too-gee)] -- add oss community board auto-add workflow (#231) [[wagoodman](https://github.com/wagoodman)] - -## 🐛 Bug Fixes - +## New in scan-action v3.3.7 + +- chore: address test flakes (#249) [[willmurphyscode](https://github.com/willmurphyscode)] +- chore(deps): update Grype to v0.73.3 (#248) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- chore: add manual trigger to test workflow (#247) [[willmurphyscode](https://github.com/willmurphyscode)] +- fix: updated semver version (#241) [[gicappa](https://github.com/gicappa)] +- chore(docs): update docker related actions to avoid warnings in workflow (#240) [[kuzm1ch](https://github.com/kuzm1ch)] +- chore: add new exception for audit (#235) [[spiffcs](https://github.com/spiffcs)] +- chore(deps): update Grype to v0.63.1 (#233) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- Add by-cve option (#229) [[too-gee](https://github.com/too-gee)] +- add oss 
community board auto-add workflow (#231) [[wagoodman](https://github.com/wagoodman)] + +## 🐛 Bug Fixes + - chore(deps): update Grype to v0.73.2; remove snapshot tests (#236) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/scan-action/v3.3.8.md b/content/docs/releases/scan-action/v3.3.8.md index 631f7f69..5653b1ce 100644 --- a/content/docs/releases/scan-action/v3.3.8.md +++ b/content/docs/releases/scan-action/v3.3.8.md @@ -11,8 +11,8 @@ description = "Release notes for scan-action v3.3.8" Version [v3.3.8](https://github.com/anchore/scan-action/releases/tag/v3.3.8) -## New in scan-action v3.3.8 - -- Update Grype to v0.73.4 (#252) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- Add input grype-version (#228) [[ViacheslavKudinov](https://github.com/ViacheslavKudinov)] +## New in scan-action v3.3.8 + +- Update Grype to v0.73.4 (#252) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- Add input grype-version (#228) [[ViacheslavKudinov](https://github.com/ViacheslavKudinov)] - Chore: upgrade and pin all GH actions (#250) [[willmurphyscode](https://github.com/willmurphyscode)] diff --git a/content/docs/releases/scan-action/v3.4.0.md b/content/docs/releases/scan-action/v3.4.0.md index 2f0ea6a9..b74c5da5 100644 --- a/content/docs/releases/scan-action/v3.4.0.md +++ b/content/docs/releases/scan-action/v3.4.0.md 
@@ -11,9 +11,9 @@ description = "Release notes for scan-action v3.4.0" Version [v3.4.0](https://github.com/anchore/scan-action/releases/tag/v3.4.0) -## New in scan-action v3.4.0 - -- chore(deps-dev): bump tslib from 2.5.0 to 2.6.2 (#258) [[dependabot](https://github.com/dependabot)] -- chore(deps-dev): bump [@vercel](https://github.com/vercel)/ncc from 0.36.1 to 0.38.1 (#261) [[dependabot](https://github.com/dependabot)] -- chore(deps): update Grype to v0.73.5 (#264) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## New in scan-action v3.4.0 + +- chore(deps-dev): bump tslib from 2.5.0 to 2.6.2 (#258) [[dependabot](https://github.com/dependabot)] +- chore(deps-dev): bump [@vercel](https://github.com/vercel)/ncc from 0.36.1 to 0.38.1 (#261) [[dependabot](https://github.com/dependabot)] +- chore(deps): update Grype to v0.73.5 (#264) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - Add support for the `--vex` flag (#254) [[ferozsalam](https://github.com/ferozsalam)] diff --git a/content/docs/releases/scan-action/v3.5.0.md b/content/docs/releases/scan-action/v3.5.0.md index d74ff554..f6203dcf 100644 --- a/content/docs/releases/scan-action/v3.5.0.md +++ b/content/docs/releases/scan-action/v3.5.0.md @@ -11,7 +11,7 @@ description = "Release notes for scan-action v3.5.0" Version [v3.5.0](https://github.com/anchore/scan-action/releases/tag/v3.5.0) -## New in scan-action v3.5.0 - -- chore(deps): update Grype to v0.74.0 (#267) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## New in scan-action v3.5.0 + +- chore(deps): update Grype to v0.74.0 (#267) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - chore(deps): bump [@actions](https://github.com/actions)/core from 1.10.0 to 1.10.1 (#262) [[dependabot](https://github.com/dependabot)] 
diff --git a/content/docs/releases/scan-action/v3.6.0.md b/content/docs/releases/scan-action/v3.6.0.md index cf39098a..28c156cc 100644 --- a/content/docs/releases/scan-action/v3.6.0.md +++ b/content/docs/releases/scan-action/v3.6.0.md @@ -11,7 +11,7 @@ description = "Release notes for scan-action v3.6.0" Version [v3.6.0](https://github.com/anchore/scan-action/releases/tag/v3.6.0) -## New in scan-action v3.6.0 - -- chore(deps): update Grype to v0.74.1 (#271) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## New in scan-action v3.6.0 + +- chore(deps): update Grype to v0.74.1 (#271) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - chore(deps-dev): bump prettier from 3.1.1 to 3.2.2 (#268) [[dependabot](https://github.com/dependabot)] diff --git a/content/docs/releases/scan-action/v3.6.1.md b/content/docs/releases/scan-action/v3.6.1.md index b10112f4..1d08e6a3 100644 --- a/content/docs/releases/scan-action/v3.6.1.md +++ b/content/docs/releases/scan-action/v3.6.1.md @@ -11,7 +11,7 @@ description = "Release notes for scan-action v3.6.1" Version [v3.6.1](https://github.com/anchore/scan-action/releases/tag/v3.6.1) -## New in scan-action v3.6.1 - -- chore(deps): update Grype to v0.74.2 (#272) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## New in scan-action v3.6.1 + +- chore(deps): update Grype to v0.74.2 (#272) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - chore(deps-dev): bump prettier from 3.2.2 to 3.2.4 (#270) [[dependabot](https://github.com/dependabot)] diff --git a/content/docs/releases/scan-action/v3.6.2.md b/content/docs/releases/scan-action/v3.6.2.md index 46cd33a5..6cf3348d 100644 --- a/content/docs/releases/scan-action/v3.6.2.md +++ b/content/docs/releases/scan-action/v3.6.2.md 
@@ -11,6 +11,6 @@ description = "Release notes for scan-action v3.6.2" Version [v3.6.2](https://github.com/anchore/scan-action/releases/tag/v3.6.2) -## New in scan-action v3.6.2 - +## New in scan-action v3.6.2 + - chore(deps): update Grype to v0.74.3 (#275) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/scan-action/v3.6.3.md b/content/docs/releases/scan-action/v3.6.3.md index 53e15ebc..5d80ffc0 100644 --- a/content/docs/releases/scan-action/v3.6.3.md +++ b/content/docs/releases/scan-action/v3.6.3.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v3.6.3" Version [v3.6.3](https://github.com/anchore/scan-action/releases/tag/v3.6.3) -## New in scan-action v3.6.3 - +## New in scan-action v3.6.3 + - chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x (#278) [[spiffcs](https://github.com/spiffcs)] diff --git a/content/docs/releases/scan-action/v3.6.4.md b/content/docs/releases/scan-action/v3.6.4.md index c15a1020..260ca593 100644 --- a/content/docs/releases/scan-action/v3.6.4.md +++ b/content/docs/releases/scan-action/v3.6.4.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v3.6.4" Version [v3.6.4](https://github.com/anchore/scan-action/releases/tag/v3.6.4) -## New in scan-action v3.6.4 - +## New in scan-action v3.6.4 + - Update Grype to v0.74.4 (#279) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/scan-action/v4.0.0.md b/content/docs/releases/scan-action/v4.0.0.md index 06dd67cb..b50aa172 100644 --- a/content/docs/releases/scan-action/v4.0.0.md +++ b/content/docs/releases/scan-action/v4.0.0.md 
@@ -11,8 +11,8 @@ description = "Release notes for scan-action v4.0.0" Version [v4.0.0](https://github.com/anchore/scan-action/releases/tag/v4.0.0) -## New in scan-action v4.0.0 - -- Update Grype to v0.79.2 (#338) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- Download Grype on Windows (#336) [[willmurphyscode](https://github.com/willmurphyscode)] (#315) [[kzantow](https://github.com/kzantow)] +## New in scan-action v4.0.0 + +- Update Grype to v0.79.2 (#338) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- Download Grype on Windows (#336) [[willmurphyscode](https://github.com/willmurphyscode)] (#315) [[kzantow](https://github.com/kzantow)] - Bump Node to v20 (#295) [[ViacheslavKudinov](https://github.com/ViacheslavKudinov)] diff --git a/content/docs/releases/scan-action/v4.1.0.md b/content/docs/releases/scan-action/v4.1.0.md index 43290a64..23c59fde 100644 --- a/content/docs/releases/scan-action/v4.1.0.md +++ b/content/docs/releases/scan-action/v4.1.0.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v4.1.0" Version [v4.1.0](https://github.com/anchore/scan-action/releases/tag/v4.1.0) -## New in scan-action v4.1.0 - +## New in scan-action v4.1.0 + - chore(deps): update Grype to v0.79.3 (#341) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/scan-action/v4.1.1.md b/content/docs/releases/scan-action/v4.1.1.md index f06bd1d2..a06ad668 100644 --- a/content/docs/releases/scan-action/v4.1.1.md +++ b/content/docs/releases/scan-action/v4.1.1.md 
@@ -11,7 +11,7 @@ description = "Release notes for scan-action v4.1.1" Version [v4.1.1](https://github.com/anchore/scan-action/releases/tag/v4.1.1) -## New in scan-action v4.1.1 - -- chore(deps): update Grype to v0.79.6 (#352) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## New in scan-action v4.1.1 + +- chore(deps): update Grype to v0.79.6 (#352) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - Document grype-version parameter (#319) [[vprivat-ads](https://github.com/vprivat-ads)] diff --git a/content/docs/releases/scan-action/v4.1.2.md b/content/docs/releases/scan-action/v4.1.2.md index cab8351f..b2b48c5d 100644 --- a/content/docs/releases/scan-action/v4.1.2.md +++ b/content/docs/releases/scan-action/v4.1.2.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v4.1.2" Version [v4.1.2](https://github.com/anchore/scan-action/releases/tag/v4.1.2) -## New in scan-action v4.1.2 - +## New in scan-action v4.1.2 + - Update Grype to v0.80.0 (#358) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/scan-action/v5.0.0.md b/content/docs/releases/scan-action/v5.0.0.md index c55122a4..91925a29 100644 --- a/content/docs/releases/scan-action/v5.0.0.md +++ b/content/docs/releases/scan-action/v5.0.0.md 
@@ -11,11 +11,11 @@ description = "Release notes for scan-action v5.0.0" Version [v5.0.0](https://github.com/anchore/scan-action/releases/tag/v5.0.0) -## New in scan-action v5.0.0 - -- chore(deps): update Grype to v0.82.0 (#383) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - -## 🚀 Features - -- feat: short-lived grype-db cache (#348) [[kzantow](https://github.com/kzantow)] -Note: with this release grype is no longer installed on `$PATH`. We suspect the changes here could break a number of users of the action who have learned to expect Grype be installed on `$PATH`. +## New in scan-action v5.0.0 + +- chore(deps): update Grype to v0.82.0 (#383) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] + +## 🚀 Features + +- feat: short-lived grype-db cache (#348) [[kzantow](https://github.com/kzantow)] + Note: with this release grype is no longer installed on `$PATH`. We suspect the changes here could break a number of users of the action who have learned to expect Grype be installed on `$PATH`. diff --git a/content/docs/releases/scan-action/v5.0.1.md b/content/docs/releases/scan-action/v5.0.1.md index d93b48c3..289a1efe 100644 --- a/content/docs/releases/scan-action/v5.0.1.md +++ b/content/docs/releases/scan-action/v5.0.1.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v5.0.1" Version [v5.0.1](https://github.com/anchore/scan-action/releases/tag/v5.0.1) -## New in scan-action v5.0.1 - +## New in scan-action v5.0.1 + - chore(deps): update Grype to v0.82.1 (#389) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/scan-action/v5.1.0.md b/content/docs/releases/scan-action/v5.1.0.md index db928439..ea33ac6b 100644 --- a/content/docs/releases/scan-action/v5.1.0.md +++ b/content/docs/releases/scan-action/v5.1.0.md 
@@ -11,8 +11,8 @@ description = "Release notes for scan-action v5.1.0" Version [v5.1.0](https://github.com/anchore/scan-action/releases/tag/v5.1.0) -## New in scan-action v5.1.0 - -- chore(deps): update Grype to v0.82.2 (#393) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- chore(deps-dev): bump eslint from 9.12.0 to 9.13.0 (#392) [[dependabot](https://github.com/dependabot)] +## New in scan-action v5.1.0 + +- chore(deps): update Grype to v0.82.2 (#393) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- chore(deps-dev): bump eslint from 9.12.0 to 9.13.0 (#392) [[dependabot](https://github.com/dependabot)] - chore(deps-dev): bump tslib from 2.7.0 to 2.8.0 (#391) [[dependabot](https://github.com/dependabot)] diff --git a/content/docs/releases/scan-action/v5.2.0.md b/content/docs/releases/scan-action/v5.2.0.md index 71383d2a..017adbef 100644 --- a/content/docs/releases/scan-action/v5.2.0.md +++ b/content/docs/releases/scan-action/v5.2.0.md @@ -11,8 +11,8 @@ description = "Release notes for scan-action v5.2.0" Version [v5.2.0](https://github.com/anchore/scan-action/releases/tag/v5.2.0) -## New in scan-action v5.2.0 - -- chore(deps): update Grype to v0.83.0 (#398) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#394) [[dependabot](https://github.com/dependabot)] +## New in scan-action v5.2.0 + +- chore(deps): update Grype to v0.83.0 (#398) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#394) [[dependabot](https://github.com/dependabot)] - chore(deps): bump actions/setup-node from 4.0.4 to 4.1.0 (#395) [[dependabot](https://github.com/dependabot)] diff --git a/content/docs/releases/scan-action/v5.2.1.md b/content/docs/releases/scan-action/v5.2.1.md index 43b92d9d..05b2b0e0 100644 
--- a/content/docs/releases/scan-action/v5.2.1.md +++ b/content/docs/releases/scan-action/v5.2.1.md @@ -11,7 +11,7 @@ description = "Release notes for scan-action v5.2.1" Version [v5.2.1](https://github.com/anchore/scan-action/releases/tag/v5.2.1) -## New in scan-action v5.2.1 - -- update Grype to v0.84.0 (#404) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +## New in scan-action v5.2.1 + +- update Grype to v0.84.0 (#404) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - bump [@actions](https://github.com/actions)/cache from 3.2.4 to 3.3.0 (#402) [[dependabot](https://github.com/dependabot)] diff --git a/content/docs/releases/scan-action/v5.3.0.md b/content/docs/releases/scan-action/v5.3.0.md index 8ed970d2..b9ce78f5 100644 --- a/content/docs/releases/scan-action/v5.3.0.md +++ b/content/docs/releases/scan-action/v5.3.0.md @@ -11,9 +11,9 @@ description = "Release notes for scan-action v5.3.0" Version [v5.3.0](https://github.com/anchore/scan-action/releases/tag/v5.3.0) -## New in scan-action v5.3.0 - -- chore(deps): update Grype to v0.85.0 (#408) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- chore(deps-dev): bump [@vercel](https://github.com/vercel)/ncc from 0.38.2 to 0.38.3 (#406) [[dependabot](https://github.com/dependabot)] -- chore(deps-dev): bump eslint from 9.14.0 to 9.15.0 (#405) [[dependabot](https://github.com/dependabot)] +## New in scan-action v5.3.0 + +- chore(deps): update Grype to v0.85.0 (#408) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- chore(deps-dev): bump [@vercel](https://github.com/vercel)/ncc from 0.38.2 to 0.38.3 (#406) [[dependabot](https://github.com/dependabot)] +- chore(deps-dev): bump eslint from 9.14.0 to 9.15.0 (#405) [[dependabot](https://github.com/dependabot)] - chore(deps-dev): bump husky from 9.1.6 to 9.1.7 (#407) [[dependabot](https://github.com/dependabot)] 
diff --git a/content/docs/releases/scan-action/v6.0.0.md b/content/docs/releases/scan-action/v6.0.0.md
index 728032e3..b86f6dcf 100644
--- a/content/docs/releases/scan-action/v6.0.0.md
+++ b/content/docs/releases/scan-action/v6.0.0.md
@@ -11,23 +11,26 @@ description = "Release notes for scan-action v6.0.0" Version [v6.0.0](https://github.com/anchore/scan-action/releases/tag/v6.0.0) -## New in scan-action v6.0.0 - -## Breaking Change -- feat: add output-file option, default to random directory output in temp (#346) [[kzantow](https://github.com/kzantow)] - -The action no longer generates files in your working directory by default, instead you should use the action outputs: `${{ steps..outputs.sarif }}` where the `` needs to match the `id` you configured to reference the `scan-action`, e.g.: -```yaml - - uses: anchore/scan-action[@v6](https://github.com/v6) - id: scan - ... - - uses: github/codeql-action/upload-sarif[@v3](https://github.com/v3) - with: - sarif_file: ${{ steps.scan.outputs.sarif }} -``` - -## Other Changes -- chore(deps): update Grype to v0.86.1 (#416) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- feat: add support for cyclonedx and cyclonedx-json output-formats (#396) [[ps-e](https://github.com/ps-e)] -- chore(deps): bump [@actions](https://github.com/actions)/cache from 3.3.0 to 4.0.0 (#412) [[dependabot](https://github.com/dependabot)] +## New in scan-action v6.0.0 + +## Breaking Change + +- feat: add output-file option, default to random directory output in temp (#346) [[kzantow](https://github.com/kzantow)] + +The action no longer generates files in your working directory by default, instead you should use the action outputs: `${{ steps..outputs.sarif }}` where the `` needs to match the `id` you configured to reference the `scan-action`, e.g.: + +```yaml + - uses: anchore/scan-action[@v6](https://github.com/v6) + id: scan + ... 
+ - uses: github/codeql-action/upload-sarif[@v3](https://github.com/v3) + with: + sarif_file: ${{ steps.scan.outputs.sarif }} +``` + +## Other Changes + +- chore(deps): update Grype to v0.86.1 (#416) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- feat: add support for cyclonedx and cyclonedx-json output-formats (#396) [[ps-e](https://github.com/ps-e)] +- chore(deps): bump [@actions](https://github.com/actions)/cache from 3.3.0 to 4.0.0 (#412) [[dependabot](https://github.com/dependabot)] - chore(deps): update Grype to v0.86.0 (#413) [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] diff --git a/content/docs/releases/scan-action/v6.1.0.md b/content/docs/releases/scan-action/v6.1.0.md index 2c5c9b77..87f4112e 100644 --- a/content/docs/releases/scan-action/v6.1.0.md +++ b/content/docs/releases/scan-action/v6.1.0.md @@ -11,7 +11,7 @@ description = "Release notes for scan-action v6.1.0" Version [v6.1.0](https://github.com/anchore/scan-action/releases/tag/v6.1.0) -## New in scan-action v6.1.0 - -- Feature (deps): update Grype to v0.87.0 (#430) - - [See Grype changes for new updates](https://github.com/anchore/grype/releases/tag/v0.87.0) +## New in scan-action v6.1.0 + +- Feature (deps): update Grype to v0.87.0 (#430) + - [See Grype changes for new updates](https://github.com/anchore/grype/releases/tag/v0.87.0) diff --git a/content/docs/releases/scan-action/v6.2.0.md b/content/docs/releases/scan-action/v6.2.0.md index 4eb9f50b..5c99e2da 100644 --- a/content/docs/releases/scan-action/v6.2.0.md +++ b/content/docs/releases/scan-action/v6.2.0.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v6.2.0" Version [v6.2.0](https://github.com/anchore/scan-action/releases/tag/v6.2.0) -## New in scan-action v6.2.0 - +## New in scan-action v6.2.0 + - feat: update Scan action to use grype db v6 (#462) [[spiffcs](https://github.com/spiffcs)] 
diff --git a/content/docs/releases/scan-action/v6.3.0.md b/content/docs/releases/scan-action/v6.3.0.md index 2c043dd2..cfccd388 100644 --- a/content/docs/releases/scan-action/v6.3.0.md +++ b/content/docs/releases/scan-action/v6.3.0.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v6.3.0" Version [v6.3.0](https://github.com/anchore/scan-action/releases/tag/v6.3.0) -## New in scan-action v6.3.0 - +## New in scan-action v6.3.0 + - Update Grype to v0.94.0 (#470) diff --git a/content/docs/releases/scan-action/v6.4.0.md b/content/docs/releases/scan-action/v6.4.0.md index a135886f..9c4d0959 100644 --- a/content/docs/releases/scan-action/v6.4.0.md +++ b/content/docs/releases/scan-action/v6.4.0.md @@ -11,11 +11,11 @@ description = "Release notes for scan-action v6.4.0" Version [v6.4.0](https://github.com/anchore/scan-action/releases/tag/v6.4.0) -## New in scan-action v6.4.0 - -- Update Grype to v0.95.0 (#486) -- chore(deps-dev): bump eslint from 9.30.0 to 9.30.1 (#485) -- chore(deps-dev): bump lint-staged from 16.1.0 to 16.1.2 (#476) -- chore(deps-dev): bump jest from 30.0.0 to 30.0.3 (#481) -- chore(deps-dev): bump prettier from 3.5.3 to 3.6.2 (#483) +## New in scan-action v6.4.0 + +- Update Grype to v0.95.0 (#486) +- chore(deps-dev): bump eslint from 9.30.0 to 9.30.1 (#485) +- chore(deps-dev): bump lint-staged from 16.1.0 to 16.1.2 (#476) +- chore(deps-dev): bump jest from 30.0.0 to 30.0.3 (#481) +- chore(deps-dev): bump prettier from 3.5.3 to 3.6.2 (#483) - chore(deps-dev): bump eslint from 9.28.0 to 9.30.0 (#484) diff --git a/content/docs/releases/scan-action/v6.5.0.md b/content/docs/releases/scan-action/v6.5.0.md index 684fcbd9..57eeef17 100644 --- a/content/docs/releases/scan-action/v6.5.0.md +++ b/content/docs/releases/scan-action/v6.5.0.md 
@@ -11,7 +11,7 @@ description = "Release notes for scan-action v6.5.0" Version [v6.5.0](https://github.com/anchore/scan-action/releases/tag/v6.5.0) -## New in scan-action v6.5.0 - -- Update Grype to v0.96.1 (#493) [[[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator)](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))] +## New in scan-action v6.5.0 + +- Update Grype to v0.96.1 (#493) [[[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator)](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))] - fix: output stderr for nonzero exit code (#491) [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/scan-action/v6.5.1.md b/content/docs/releases/scan-action/v6.5.1.md index 8394fd28..5dd3233f 100644 --- a/content/docs/releases/scan-action/v6.5.1.md +++ b/content/docs/releases/scan-action/v6.5.1.md @@ -11,6 +11,6 @@ description = "Release notes for scan-action v6.5.1" Version [v6.5.1](https://github.com/anchore/scan-action/releases/tag/v6.5.1) -## New in scan-action v6.5.1 - +## New in scan-action v6.5.1 + - Update Grype to v0.97.1 (#495) diff --git a/content/docs/releases/stereoscope/_index.md b/content/docs/releases/stereoscope/_index.md index ca780941..a5c51d12 100644 --- a/content/docs/releases/stereoscope/_index.md +++ b/content/docs/releases/stereoscope/_index.md @@ -1,7 +1,7 @@ +++ tags = ['stereoscope'] categories = ['release'] -title = "Stereoscope Release Notes" +title = "Stereoscope Release Notes" linkTitle = "Stereoscope" url = "docs/releases/stereoscope" description = "Anchore Stereoscope Release Notes" diff --git a/content/docs/releases/stereoscope/v0.0.1.md b/content/docs/releases/stereoscope/v0.0.1.md index d25f0996..52ba80f9 100644 --- a/content/docs/releases/stereoscope/v0.0.1.md 
+++ b/content/docs/releases/stereoscope/v0.0.1.md @@ -11,7 +11,8 @@ description = "Release notes for stereoscope v0.0.1" Version [v0.0.1](https://github.com/anchore/stereoscope/releases/tag/v0.0.1) -## Security Fixes -* Fix tar path traversal issue by [@wagoodman](https://github.com/wagoodman) in https://github.com/anchore/stereoscope/pull/214 - +## Security Fixes + +- Fix tar path traversal issue by [@wagoodman](https://github.com/wagoodman) in https://github.com/anchore/stereoscope/pull/214 + **Full Changelog**: https://github.com/anchore/stereoscope/commits/v0.0.1 diff --git a/content/docs/releases/stereoscope/v0.0.10.md b/content/docs/releases/stereoscope/v0.0.10.md index 56fe7014..ba9883f5 100644 --- a/content/docs/releases/stereoscope/v0.0.10.md +++ b/content/docs/releases/stereoscope/v0.0.10.md 
@@ -11,10 +11,10 @@ description = "Release notes for stereoscope v0.0.10" Version [v0.0.10](https://github.com/anchore/stereoscope/releases/tag/v0.0.10) -## Dependency Updates - -- bump github.com/stretchr/testify from 1.9.0 to 1.10.0 [[#325](https://github.com/anchore/stereoscope/pull/325) [@dependabot](https://github.com/dependabot)] -- bump golang.org/x/crypto from 0.29.0 to 0.30.0 [[#326](https://github.com/anchore/stereoscope/pull/326) [@dependabot](https://github.com/dependabot)] -- bump the go group across 1 directory with 2 updates [[#324](https://github.com/anchore/stereoscope/pull/324) [@dependabot](https://github.com/dependabot)] - +## Dependency Updates + +- bump github.com/stretchr/testify from 1.9.0 to 1.10.0 [[#325](https://github.com/anchore/stereoscope/pull/325) [@dependabot](https://github.com/dependabot)] +- bump golang.org/x/crypto from 0.29.0 to 0.30.0 [[#326](https://github.com/anchore/stereoscope/pull/326) [@dependabot](https://github.com/dependabot)] +- bump the go group across 1 directory with 2 updates [[#324](https://github.com/anchore/stereoscope/pull/324) [@dependabot](https://github.com/dependabot)] + **[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.0.9...v0.0.10)** diff --git a/content/docs/releases/stereoscope/v0.0.2.md b/content/docs/releases/stereoscope/v0.0.2.md index 01108676..cc687b24 100644 --- a/content/docs/releases/stereoscope/v0.0.2.md +++ b/content/docs/releases/stereoscope/v0.0.2.md 
@@ -11,15 +11,15 @@ description = "Release notes for stereoscope v0.0.2" Version [v0.0.2](https://github.com/anchore/stereoscope/releases/tag/v0.0.2) -## Bug Fixes - -- update tar traversal to respect current director entry [[#225](https://github.com/anchore/stereoscope/pull/225) [@spiffcs](https://github.com/spiffcs)] -- Fix panic when pulling OCI-packaged helm chart [[#228](https://github.com/anchore/stereoscope/pull/228) [@willmurphyscode](https://github.com/willmurphyscode)] - -## Additional Changes - -- Drop github.com/pkg/errors [[#212](https://github.com/anchore/stereoscope/pull/212) [@jonjohnsonjr](https://github.com/jonjohnsonjr)] -- separate tagged image providers [[#219](https://github.com/anchore/stereoscope/pull/219) [@kzantow](https://github.com/kzantow)] -- add testutil logging [[#222](https://github.com/anchore/stereoscope/pull/222) [@kzantow](https://github.com/kzantow)] - +## Bug Fixes + +- update tar traversal to respect current director entry [[#225](https://github.com/anchore/stereoscope/pull/225) [@spiffcs](https://github.com/spiffcs)] +- Fix panic when pulling OCI-packaged helm chart [[#228](https://github.com/anchore/stereoscope/pull/228) [@willmurphyscode](https://github.com/willmurphyscode)] + +## Additional Changes + +- Drop github.com/pkg/errors [[#212](https://github.com/anchore/stereoscope/pull/212) [@jonjohnsonjr](https://github.com/jonjohnsonjr)] +- separate tagged image providers [[#219](https://github.com/anchore/stereoscope/pull/219) [@kzantow](https://github.com/kzantow)] +- add testutil logging [[#222](https://github.com/anchore/stereoscope/pull/222) [@kzantow](https://github.com/kzantow)] + **[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.0.1...v0.0.2)** diff --git a/content/docs/releases/stereoscope/v0.0.3.md b/content/docs/releases/stereoscope/v0.0.3.md index c0c8783a..07f65a8f 100644 --- a/content/docs/releases/stereoscope/v0.0.3.md +++ b/content/docs/releases/stereoscope/v0.0.3.md 
@@ -11,8 +11,8 @@ description = "Release notes for stereoscope v0.0.3" Version [v0.0.3](https://github.com/anchore/stereoscope/releases/tag/v0.0.3) -## Additional Changes - -- Bump docker version [[#234](https://github.com/anchore/stereoscope/pull/234) [@jonjohnsonjr](https://github.com/jonjohnsonjr)] - +## Additional Changes + +- Bump docker version [[#234](https://github.com/anchore/stereoscope/pull/234) [@jonjohnsonjr](https://github.com/jonjohnsonjr)] + **[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.0.2...v0.0.3)** diff --git a/content/docs/releases/stereoscope/v0.0.4.md b/content/docs/releases/stereoscope/v0.0.4.md index 16c7309b..3138e324 100644 --- a/content/docs/releases/stereoscope/v0.0.4.md +++ b/content/docs/releases/stereoscope/v0.0.4.md @@ -11,8 +11,8 @@ description = "Release notes for stereoscope v0.0.4" Version [v0.0.4](https://github.com/anchore/stereoscope/releases/tag/v0.0.4) -## Additional Changes - -- Update and use upstream mimetype lib [[#307](https://github.com/anchore/stereoscope/pull/307) [@wagoodman](https://github.com/wagoodman)] - +## Additional Changes + +- Update and use upstream mimetype lib [[#307](https://github.com/anchore/stereoscope/pull/307) [@wagoodman](https://github.com/wagoodman)] + **[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.0.3...v0.0.4)** diff --git a/content/docs/releases/stereoscope/v0.0.5.md b/content/docs/releases/stereoscope/v0.0.5.md index 0d0d72cd..3eb12493 100644 --- a/content/docs/releases/stereoscope/v0.0.5.md +++ b/content/docs/releases/stereoscope/v0.0.5.md 
@@ -11,9 +11,9 @@ description = "Release notes for stereoscope v0.0.5" Version [v0.0.5](https://github.com/anchore/stereoscope/releases/tag/v0.0.5) -## Dependency Updates - -- bump github.com/sylabs/sif/v2 from 2.19.1 to 2.19.2 in the go group [[#313](https://github.com/anchore/stereoscope/pull/313) [@dependabot](https://github.com/dependabot)] -- bump github.com/adrg/xdg from 0.5.0 to 0.5.1 in the go group [[#310](https://github.com/anchore/stereoscope/pull/310) [@dependabot](https://github.com/dependabot)] - +## Dependency Updates + +- bump github.com/sylabs/sif/v2 from 2.19.1 to 2.19.2 in the go group [[#313](https://github.com/anchore/stereoscope/pull/313) [@dependabot](https://github.com/dependabot)] +- bump github.com/adrg/xdg from 0.5.0 to 0.5.1 in the go group [[#310](https://github.com/anchore/stereoscope/pull/310) [@dependabot](https://github.com/dependabot)] + **[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.0.4...v0.0.5)** diff --git a/content/docs/releases/stereoscope/v0.0.8.md b/content/docs/releases/stereoscope/v0.0.8.md index 9ff628c0..8b8f8a3f 100644 --- a/content/docs/releases/stereoscope/v0.0.8.md +++ b/content/docs/releases/stereoscope/v0.0.8.md 
@@ -11,14 +11,14 @@ description = "Release notes for stereoscope v0.0.8" Version [v0.0.8](https://github.com/anchore/stereoscope/releases/tag/v0.0.8) -## Dependency Updates - -- bump github.com/adrg/xdg from 0.5.1 to 0.5.3 in the go group across 1 directory [[#318](https://github.com/anchore/stereoscope/pull/318) [@dependabot](https://github.com/dependabot)] -- bump crazy-max/ghaction-setup-containerd from 3.0.0 to 3.1.0 in the workflows group [[#316](https://github.com/anchore/stereoscope/pull/316) [@dependabot](https://github.com/dependabot)] - -## Additional Changes - -- Configure max layer/file size [[#311](https://github.com/anchore/stereoscope/issues/311) [#314](https://github.com/anchore/stereoscope/pull/314) [@2rigor](https://github.com/2rigor)] -- update minimum supported go version to 1.22.9 [[#320](https://github.com/anchore/stereoscope/pull/320) [@kzantow](https://github.com/kzantow)] - +## Dependency Updates + +- bump github.com/adrg/xdg from 0.5.1 to 0.5.3 in the go group across 1 directory [[#318](https://github.com/anchore/stereoscope/pull/318) [@dependabot](https://github.com/dependabot)] +- bump crazy-max/ghaction-setup-containerd from 3.0.0 to 3.1.0 in the workflows group [[#316](https://github.com/anchore/stereoscope/pull/316) [@dependabot](https://github.com/dependabot)] + +## Additional Changes + +- Configure max layer/file size [[#311](https://github.com/anchore/stereoscope/issues/311) [#314](https://github.com/anchore/stereoscope/pull/314) [@2rigor](https://github.com/2rigor)] +- update minimum supported go version to 1.22.9 [[#320](https://github.com/anchore/stereoscope/pull/320) [@kzantow](https://github.com/kzantow)] + **[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.0.5...v0.0.8)** diff --git a/content/docs/releases/stereoscope/v0.0.9.md b/content/docs/releases/stereoscope/v0.0.9.md index 7e38515e..7211c863 100644 --- a/content/docs/releases/stereoscope/v0.0.9.md +++ b/content/docs/releases/stereoscope/v0.0.9.md 
@@ -11,9 +11,9 @@ description = "Release notes for stereoscope v0.0.9" Version [v0.0.9](https://github.com/anchore/stereoscope/releases/tag/v0.0.9) -## Dependency Updates - -- bump golang.org/x/crypto from 0.28.0 to 0.29.0 [[#321](https://github.com/anchore/stereoscope/pull/321) [@dependabot](https://github.com/dependabot)] -- bump github.com/sylabs/sif/v2 from 2.19.2 to 2.20.0 [[#322](https://github.com/anchore/stereoscope/pull/322) [@dependabot](https://github.com/dependabot)] - +## Dependency Updates + +- bump golang.org/x/crypto from 0.28.0 to 0.29.0 [[#321](https://github.com/anchore/stereoscope/pull/321) [@dependabot](https://github.com/dependabot)] +- bump github.com/sylabs/sif/v2 from 2.19.2 to 2.20.0 [[#322](https://github.com/anchore/stereoscope/pull/322) [@dependabot](https://github.com/dependabot)] + **[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.0.8...v0.0.9)** diff --git a/content/docs/releases/stereoscope/v0.1.0.md b/content/docs/releases/stereoscope/v0.1.0.md index c3cb3c76..e0e33f13 100644 --- a/content/docs/releases/stereoscope/v0.1.0.md +++ b/content/docs/releases/stereoscope/v0.1.0.md 
@@ -11,40 +11,40 @@ description = "Release notes for stereoscope v0.1.0" Version [v0.1.0](https://github.com/anchore/stereoscope/releases/tag/v0.1.0) -## Added Features - -- Set the GGCR user agent [[#381](https://github.com/anchore/stereoscope/pull/381) [@mattmoor](https://github.com/mattmoor)] - -## Bug Fixes - -- Remove logging for filetree search queries [[#355](https://github.com/anchore/stereoscope/pull/355) [@wagoodman](https://github.com/wagoodman)] -- pull in sylabs squashs v1.0.5 [[#379](https://github.com/anchore/stereoscope/pull/379) [@willmurphyscode](https://github.com/willmurphyscode)] -- Improve glob search performance[[#382](https://github.com/anchore/stereoscope/pull/382) [@kzantow](https://github.com/kzantow)] - -## Dependency Updates - -- Bump runners and dependabot config [[#356](https://github.com/anchore/stereoscope/pull/356) [@wagoodman](https://github.com/wagoodman)] -- bump github.com/docker/docker from 27.5.1+incompatible to 28.0.1+incompatible [[#374](https://github.com/anchore/stereoscope/pull/374) [@dependabot](https://github.com/dependabot)] -- bump github.com/google/go-cmp from 0.6.0 to 0.7.0 [[#368](https://github.com/anchore/stereoscope/pull/368) [@dependabot](https://github.com/dependabot)] -- bump golang.org/x/crypto from 0.33.0 to 0.36.0 [[#378](https://github.com/anchore/stereoscope/pull/378) [@dependabot](https://github.com/dependabot)] -- bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login from 0.0.0-20220517224237-e6f29200ae04 to 0.9.1 [[#364](https://github.com/anchore/stereoscope/pull/364) [@dependabot](https://github.com/dependabot)] -- bump actions/cache from 4.2.0 to 4.2.2 in /.github/workflows [[#371](https://github.com/anchore/stereoscope/pull/371) [@dependabot](https://github.com/dependabot)] -- bump actions/cache from 4.2.0 to 4.2.2 in /.github/actions/bootstrap [[#372](https://github.com/anchore/stereoscope/pull/372) [@dependabot](https://github.com/dependabot)] -- bump github.com/docker/cli from 
27.5.1+incompatible to 28.0.1+incompatible [[#375](https://github.com/anchore/stereoscope/pull/375) [@dependabot](https://github.com/dependabot)] -- bump github.com/containerd/containerd from 1.7.25 to 1.7.26 [[#373](https://github.com/anchore/stereoscope/pull/373) [@dependabot](https://github.com/dependabot)] -- bump github.com/opencontainers/image-spec from 1.1.0 to 1.1.1 [[#377](https://github.com/anchore/stereoscope/pull/377) [@dependabot](https://github.com/dependabot)] -- bump golang.org/x/net from 0.33.0 to 0.36.0 [[#380](https://github.com/anchore/stereoscope/pull/380) [@dependabot](https://github.com/dependabot)] -- bump golang.org/x/crypto from 0.32.0 to 0.33.0 [[#357](https://github.com/anchore/stereoscope/pull/357) [@dependabot](https://github.com/dependabot)] -- bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1 [[#360](https://github.com/anchore/stereoscope/pull/360) [@dependabot](https://github.com/dependabot)] -- bump github.com/docker/cli from 27.5.0+incompatible to 27.5.1+incompatible [[#358](https://github.com/anchore/stereoscope/pull/358) [@dependabot](https://github.com/dependabot)] -- bump github.com/containerd/containerd from 1.7.24 to 1.7.25 [[#361](https://github.com/anchore/stereoscope/pull/361) [@dependabot](https://github.com/dependabot)] -- bump the workflows group in /.github/actions/bootstrap with 2 updates [[#350](https://github.com/anchore/stereoscope/pull/350) [@dependabot](https://github.com/dependabot)] -- bump github.com/docker/docker from 27.4.1+incompatible to 27.5.1+incompatible [[#347](https://github.com/anchore/stereoscope/pull/347) [@dependabot](https://github.com/dependabot)] -- bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.0 [[#344](https://github.com/anchore/stereoscope/pull/344) [@dependabot](https://github.com/dependabot)] -- bump github.com/docker/cli from 27.4.1+incompatible to 27.5.0+incompatible [[#346](https://github.com/anchore/stereoscope/pull/346) [@dependabot](https://github.com/dependabot)] 
- -## Additional Changes - -- Replace manual map clearing loop with built-in clear() [[#352](https://github.com/anchore/stereoscope/pull/352) [@rezmoss](https://github.com/rezmoss)] - +## Added Features + +- Set the GGCR user agent [[#381](https://github.com/anchore/stereoscope/pull/381) [@mattmoor](https://github.com/mattmoor)] + +## Bug Fixes + +- Remove logging for filetree search queries [[#355](https://github.com/anchore/stereoscope/pull/355) [@wagoodman](https://github.com/wagoodman)] +- pull in sylabs squashs v1.0.5 [[#379](https://github.com/anchore/stereoscope/pull/379) [@willmurphyscode](https://github.com/willmurphyscode)] +- Improve glob search performance[[#382](https://github.com/anchore/stereoscope/pull/382) [@kzantow](https://github.com/kzantow)] + +## Dependency Updates + +- Bump runners and dependabot config [[#356](https://github.com/anchore/stereoscope/pull/356) [@wagoodman](https://github.com/wagoodman)] +- bump github.com/docker/docker from 27.5.1+incompatible to 28.0.1+incompatible [[#374](https://github.com/anchore/stereoscope/pull/374) [@dependabot](https://github.com/dependabot)] +- bump github.com/google/go-cmp from 0.6.0 to 0.7.0 [[#368](https://github.com/anchore/stereoscope/pull/368) [@dependabot](https://github.com/dependabot)] +- bump golang.org/x/crypto from 0.33.0 to 0.36.0 [[#378](https://github.com/anchore/stereoscope/pull/378) [@dependabot](https://github.com/dependabot)] +- bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login from 0.0.0-20220517224237-e6f29200ae04 to 0.9.1 [[#364](https://github.com/anchore/stereoscope/pull/364) [@dependabot](https://github.com/dependabot)] +- bump actions/cache from 4.2.0 to 4.2.2 in /.github/workflows [[#371](https://github.com/anchore/stereoscope/pull/371) [@dependabot](https://github.com/dependabot)] +- bump actions/cache from 4.2.0 to 4.2.2 in /.github/actions/bootstrap [[#372](https://github.com/anchore/stereoscope/pull/372) [@dependabot](https://github.com/dependabot)] +- bump 
github.com/docker/cli from 27.5.1+incompatible to 28.0.1+incompatible [[#375](https://github.com/anchore/stereoscope/pull/375) [@dependabot](https://github.com/dependabot)] +- bump github.com/containerd/containerd from 1.7.25 to 1.7.26 [[#373](https://github.com/anchore/stereoscope/pull/373) [@dependabot](https://github.com/dependabot)] +- bump github.com/opencontainers/image-spec from 1.1.0 to 1.1.1 [[#377](https://github.com/anchore/stereoscope/pull/377) [@dependabot](https://github.com/dependabot)] +- bump golang.org/x/net from 0.33.0 to 0.36.0 [[#380](https://github.com/anchore/stereoscope/pull/380) [@dependabot](https://github.com/dependabot)] +- bump golang.org/x/crypto from 0.32.0 to 0.33.0 [[#357](https://github.com/anchore/stereoscope/pull/357) [@dependabot](https://github.com/dependabot)] +- bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1 [[#360](https://github.com/anchore/stereoscope/pull/360) [@dependabot](https://github.com/dependabot)] +- bump github.com/docker/cli from 27.5.0+incompatible to 27.5.1+incompatible [[#358](https://github.com/anchore/stereoscope/pull/358) [@dependabot](https://github.com/dependabot)] +- bump github.com/containerd/containerd from 1.7.24 to 1.7.25 [[#361](https://github.com/anchore/stereoscope/pull/361) [@dependabot](https://github.com/dependabot)] +- bump the workflows group in /.github/actions/bootstrap with 2 updates [[#350](https://github.com/anchore/stereoscope/pull/350) [@dependabot](https://github.com/dependabot)] +- bump github.com/docker/docker from 27.4.1+incompatible to 27.5.1+incompatible [[#347](https://github.com/anchore/stereoscope/pull/347) [@dependabot](https://github.com/dependabot)] +- bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.0 [[#344](https://github.com/anchore/stereoscope/pull/344) [@dependabot](https://github.com/dependabot)] +- bump github.com/docker/cli from 27.4.1+incompatible to 27.5.0+incompatible [[#346](https://github.com/anchore/stereoscope/pull/346) 
[@dependabot](https://github.com/dependabot)] + +## Additional Changes + +- Replace manual map clearing loop with built-in clear() [[#352](https://github.com/anchore/stereoscope/pull/352) [@rezmoss](https://github.com/rezmoss)] + **[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.0.13...v0.1.0)** diff --git a/content/docs/releases/stereoscope/v0.1.10.md b/content/docs/releases/stereoscope/v0.1.10.md index 1207f5a0..b76f2a98 100644 --- a/content/docs/releases/stereoscope/v0.1.10.md +++ b/content/docs/releases/stereoscope/v0.1.10.md 
@@ -11,17 +11,18 @@ description = "Release notes for stereoscope v0.1.10" Version [v0.1.10](https://github.com/anchore/stereoscope/releases/tag/v0.1.10) -## Dependency Updates - -- bump github.com/stretchr/testify from 1.11.0 to 1.11.1 [[#449](https://github.com/anchore/stereoscope/pull/449) [@dependabot](https://github.com/dependabot)] -- bump github.com/docker/cli from 28.3.3+incompatible to 28.4.0+incompatible [[#452](https://github.com/anchore/stereoscope/pull/452) [@dependabot](https://github.com/dependabot)] -- bump github.com/spf13/afero from 1.14.0 to 1.15.0 [[#450](https://github.com/anchore/stereoscope/pull/450) [@dependabot](https://github.com/dependabot)] -- bump golang.org/x/crypto from 0.41.0 to 0.42.0 [[#451](https://github.com/anchore/stereoscope/pull/451) [@dependabot](https://github.com/dependabot)] -- bump github.com/docker/docker from 28.3.3+incompatible to 28.4.0+incompatible [[#453](https://github.com/anchore/stereoscope/pull/453) [@dependabot](https://github.com/dependabot)] -- bump github.com/ulikunitz/xz from 0.5.12 to 0.5.15 [[#447](https://github.com/anchore/stereoscope/pull/447) [@dependabot](https://github.com/dependabot)] -- bump actions/setup-go from 5.5.0 to 6.0.0 in /.github/actions/bootstrap [[#448](https://github.com/anchore/stereoscope/pull/448) [@dependabot](https://github.com/dependabot)] - -## Bug Fix -- handling of variant in platform string and image config [[#455](https://github.com/anchore/stereoscope/pull/455) [@mathrock](https://github.com/mathrock)] - +## Dependency Updates + +- bump github.com/stretchr/testify from 1.11.0 to 1.11.1 [[#449](https://github.com/anchore/stereoscope/pull/449) [@dependabot](https://github.com/dependabot)] +- bump github.com/docker/cli from 28.3.3+incompatible to 28.4.0+incompatible [[#452](https://github.com/anchore/stereoscope/pull/452) [@dependabot](https://github.com/dependabot)] +- bump github.com/spf13/afero from 1.14.0 to 1.15.0 [[#450](https://github.com/anchore/stereoscope/pull/450) 
[@dependabot](https://github.com/dependabot)] +- bump golang.org/x/crypto from 0.41.0 to 0.42.0 [[#451](https://github.com/anchore/stereoscope/pull/451) [@dependabot](https://github.com/dependabot)] +- bump github.com/docker/docker from 28.3.3+incompatible to 28.4.0+incompatible [[#453](https://github.com/anchore/stereoscope/pull/453) [@dependabot](https://github.com/dependabot)] +- bump github.com/ulikunitz/xz from 0.5.12 to 0.5.15 [[#447](https://github.com/anchore/stereoscope/pull/447) [@dependabot](https://github.com/dependabot)] +- bump actions/setup-go from 5.5.0 to 6.0.0 in /.github/actions/bootstrap [[#448](https://github.com/anchore/stereoscope/pull/448) [@dependabot](https://github.com/dependabot)] + +## Bug Fix + +- handling of variant in platform string and image config [[#455](https://github.com/anchore/stereoscope/pull/455) [@mathrock](https://github.com/mathrock)] + **[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.1.9...v0.1.10)** diff --git a/content/docs/releases/stereoscope/v0.1.9.md b/content/docs/releases/stereoscope/v0.1.9.md index 8ce679e6..5101a721 100644 --- a/content/docs/releases/stereoscope/v0.1.9.md +++ b/content/docs/releases/stereoscope/v0.1.9.md 
@@ -11,13 +11,13 @@ description = "Release notes for stereoscope v0.1.9" Version [v0.1.9](https://github.com/anchore/stereoscope/releases/tag/v0.1.9) -## Dependency Updates - -- bump github.com/bmatcuk/doublestar/v4 from 4.9.0 to 4.9.1 [[#438](https://github.com/anchore/stereoscope/pull/438) [@dependabot](https://github.com/dependabot)] -- bump golang.org/x/crypto from 0.40.0 to 0.41.0 [[#436](https://github.com/anchore/stereoscope/pull/436) [@dependabot](https://github.com/dependabot)] -- bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login from 0.9.1 to 0.10.1 [[#437](https://github.com/anchore/stereoscope/pull/437) [@dependabot](https://github.com/dependabot)] -- bump github.com/docker/cli from 28.3.2+incompatible to 28.3.3+incompatible [[#440](https://github.com/anchore/stereoscope/pull/440) [@dependabot](https://github.com/dependabot)] -- bump github.com/sylabs/sif/v2 from 2.21.1 to 2.22.0 [[#443](https://github.com/anchore/stereoscope/pull/443) [@dependabot](https://github.com/dependabot)] -- bump github.com/containerd/containerd from 1.7.27 to 1.7.28 [[#439](https://github.com/anchore/stereoscope/pull/439) [@dependabot](https://github.com/dependabot)] -- bump github.com/docker/go-connections from 0.5.0 to 0.6.0 [[#441](https://github.com/anchore/stereoscope/pull/441) [@dependabot](https://github.com/dependabot)] -**[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.1.8...v0.1.9)** +## Dependency Updates + +- bump github.com/bmatcuk/doublestar/v4 from 4.9.0 to 4.9.1 [[#438](https://github.com/anchore/stereoscope/pull/438) [@dependabot](https://github.com/dependabot)] +- bump golang.org/x/crypto from 0.40.0 to 0.41.0 [[#436](https://github.com/anchore/stereoscope/pull/436) [@dependabot](https://github.com/dependabot)] +- bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login from 0.9.1 to 0.10.1 [[#437](https://github.com/anchore/stereoscope/pull/437) [@dependabot](https://github.com/dependabot)] +- bump 
github.com/docker/cli from 28.3.2+incompatible to 28.3.3+incompatible [[#440](https://github.com/anchore/stereoscope/pull/440) [@dependabot](https://github.com/dependabot)] +- bump github.com/sylabs/sif/v2 from 2.21.1 to 2.22.0 [[#443](https://github.com/anchore/stereoscope/pull/443) [@dependabot](https://github.com/dependabot)] +- bump github.com/containerd/containerd from 1.7.27 to 1.7.28 [[#439](https://github.com/anchore/stereoscope/pull/439) [@dependabot](https://github.com/dependabot)] +- bump github.com/docker/go-connections from 0.5.0 to 0.6.0 [[#441](https://github.com/anchore/stereoscope/pull/441) [@dependabot](https://github.com/dependabot)] + **[(Full Changelog)](https://github.com/anchore/stereoscope/compare/v0.1.8...v0.1.9)** diff --git a/content/docs/releases/syft/_index.md b/content/docs/releases/syft/_index.md index 14eaa370..f9f685c3 100644 --- a/content/docs/releases/syft/_index.md +++ b/content/docs/releases/syft/_index.md @@ -1,7 +1,7 @@ +++ tags = ['syft'] categories = ['release'] -title = "Syft Release Notes" +title = "Syft Release Notes" linkTitle = "Syft" url = "docs/releases/syft" description = "Anchore Syft Release Notes" diff --git a/content/docs/releases/syft/v0.1.0-beta.1.md b/content/docs/releases/syft/v0.1.0-beta.1.md index 06e492b8..71b11696 100644 --- a/content/docs/releases/syft/v0.1.0-beta.1.md +++ b/content/docs/releases/syft/v0.1.0-beta.1.md @@ -10,5 +10,3 @@ description = "Release notes for syft v0.1.0-beta.1" ## Release Notes Version [v0.1.0-beta.1](https://github.com/anchore/syft/releases/tag/v0.1.0-beta.1) - - diff --git a/content/docs/releases/syft/v0.1.0-beta.3.md b/content/docs/releases/syft/v0.1.0-beta.3.md index 2c61e249..0c0ae8f7 100644 --- a/content/docs/releases/syft/v0.1.0-beta.3.md +++ b/content/docs/releases/syft/v0.1.0-beta.3.md 
@@ -11,33 +11,33 @@ description = "Release notes for syft v0.1.0-beta.3"
 Version [v0.1.0-beta.3](https://github.com/anchore/syft/releases/tag/v0.1.0-beta.3)
-2d452bf Add inline-comparison as acceptance test (#130)
-4c7784d Add shell completion script (#131)
-86d3336 Add macos quarantine to readme (#129)
-a3a3e38 replace master with main (#128)
-fa5d2b5 fix readme installation notice
-817ce61 Add detailed location info to json artifact (#127)
-dc8dfc8 fix panic on top-level log (#125)
-f855a38 pull all commits on checkout for release to build changelog (#126)
-bfc5dd8 replace fetching->loading and reading->parsing in UI (#124)
-70e6732 Add poetry cataloger (#121)
-e2a874a finalize json output & add schema (#118)
-2560266 Initial README (#120)
-8fe59c6 bump stereoscope for docker pull + add UI elements for pull status (#117)
-78515da replace zap logger with logrus (#116)
-076d5c2 fix ui handlers to write before first event
-5320280 show message when no packages are discovered (#115)
-c67e17a Merge pull request #114 from anchore/issue-111
-04a1c91 java: fallback to manifest.ImplTitle when there is no name
-bb81c0b tests: java cataloger tests for selecting name
-e397659 pull in fix for bounds check progress formatting values in etui
-271ba35 Export UI handlers for reuse in other tools (#113)
-857f41b Merge pull request #112 from anchore/ignore-prerelease-versions
-ad1a72c ignore prerelease verions when uploading version file on release
-bc69382 Merge pull request #110 from anchore/issue-8
-caecce9 tests: update integration tests to include yarn packages
-713f660 cataloger: update controller to use javascript (vs. npm)
-d79cece tests: verify new yarn.lock parser
-5790474 pkg: define the Yarn package type
-67fb132 cataloger: implement the yarn.lock parser
+2d452bf Add inline-comparison as acceptance test (#130)
+4c7784d Add shell completion script (#131)
+86d3336 Add macos quarantine to readme (#129)
+a3a3e38 replace master with main (#128)
+fa5d2b5 fix readme installation notice
+817ce61 Add detailed location info to json artifact (#127)
+dc8dfc8 fix panic on top-level log (#125)
+f855a38 pull all commits on checkout for release to build changelog (#126)
+bfc5dd8 replace fetching->loading and reading->parsing in UI (#124)
+70e6732 Add poetry cataloger (#121)
+e2a874a finalize json output & add schema (#118)
+2560266 Initial README (#120)
+8fe59c6 bump stereoscope for docker pull + add UI elements for pull status (#117)
+78515da replace zap logger with logrus (#116)
+076d5c2 fix ui handlers to write before first event
+5320280 show message when no packages are discovered (#115)
+c67e17a Merge pull request #114 from anchore/issue-111
+04a1c91 java: fallback to manifest.ImplTitle when there is no name
+bb81c0b tests: java cataloger tests for selecting name
+e397659 pull in fix for bounds check progress formatting values in etui
+271ba35 Export UI handlers for reuse in other tools (#113)
+857f41b Merge pull request #112 from anchore/ignore-prerelease-versions
+ad1a72c ignore prerelease verions when uploading version file on release
+bc69382 Merge pull request #110 from anchore/issue-8
+caecce9 tests: update integration tests to include yarn packages
+713f660 cataloger: update controller to use javascript (vs. npm)
+d79cece tests: verify new yarn.lock parser
+5790474 pkg: define the Yarn package type
+67fb132 cataloger: implement the yarn.lock parser
 146b4bd cataloger: rename npm to javascript to accommodate yarn parser
diff --git a/content/docs/releases/syft/v0.1.0-beta.4.md b/content/docs/releases/syft/v0.1.0-beta.4.md
index 02a92263..b0a8ba99 100644
--- a/content/docs/releases/syft/v0.1.0-beta.4.md
+++ b/content/docs/releases/syft/v0.1.0-beta.4.md
@@ -11,9 +11,9 @@ description = "Release notes for syft v0.1.0-beta.4"
 Version [v0.1.0-beta.4](https://github.com/anchore/syft/releases/tag/v0.1.0-beta.4)
-676544b use token on release
-647c806 Add install script + brew tap (#138)
-89dc415 Add badges (#137)
-ac9141e add issue template (#135)
-21aa32c Merge pull request #134 from anchore/issue-69
+676544b use token on release
+647c806 Add install script + brew tap (#138)
+89dc415 Add badges (#137)
+ac9141e add issue template (#135)
+21aa32c Merge pull request #134 from anchore/issue-69
 2adbe75 docs: add contributing guidelines
diff --git a/content/docs/releases/syft/v0.1.0-beta.5.md b/content/docs/releases/syft/v0.1.0-beta.5.md
index 39b09761..7786f17d 100644
--- a/content/docs/releases/syft/v0.1.0-beta.5.md
+++ b/content/docs/releases/syft/v0.1.0-beta.5.md
@@ -11,35 +11,33 @@ description = "Release notes for syft v0.1.0-beta.5" Version [v0.1.0-beta.5](https://github.com/anchore/syft/releases/tag/v0.1.0-beta.5) -## [v0.1.0-beta.5](https://github.com/anchore/syft/tree/v0.1.0-beta.5) (2020-09-26) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.1.0-beta.4...v0.1.0-beta.5) - -**Implemented enhancements:** - -- Integrate the changelog generator into the release pipeline [\#182](https://github.com/anchore/syft/issues/182) -- Test DependencyTrack can utilize the CycloneDX report [\#161](https://github.com/anchore/syft/issues/161) -- Extend CycloneDx to use pURL [\#160](https://github.com/anchore/syft/issues/160) -- Add auto-changelog generation [\#159](https://github.com/anchore/syft/issues/159) -- JSON output for version details [\#122](https://github.com/anchore/syft/issues/122) -- Normalize the json image/dir source [\#180](https://github.com/anchore/syft/pull/180) ([wagoodman](https://github.com/wagoodman)) -- Remove duplicate rows from the summary table [\#179](https://github.com/anchore/syft/pull/179) ([wagoodman](https://github.com/wagoodman)) -- Add OCI support + use URI schemes [\#178](https://github.com/anchore/syft/pull/178) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- Acceptances tests not indicating failures [\#156](https://github.com/anchore/syft/issues/156) -- Always return a cleanup function from scope [\#183](https://github.com/anchore/syft/pull/183) ([wagoodman](https://github.com/wagoodman)) -- Unpin skopeo during mac acceptance tests [\#176](https://github.com/anchore/syft/pull/176) ([wagoodman](https://github.com/wagoodman)) -- remove accessing tag when not available [\#174](https://github.com/anchore/syft/pull/174) ([praveenmylavarapu](https://github.com/praveenmylavarapu)) - -**Closed issues:** - -- Expand matching of `requirements.txt` [\#167](https://github.com/anchore/syft/issues/167) -- Document release process 
[\#132](https://github.com/anchore/syft/issues/132) -- Add arch distro identification [\#49](https://github.com/anchore/syft/issues/49) -- Add suse distro identification [\#48](https://github.com/anchore/syft/issues/48) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.1.0-beta.5](https://github.com/anchore/syft/tree/v0.1.0-beta.5) (2020-09-26) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.1.0-beta.4...v0.1.0-beta.5) + +**Implemented enhancements:** + +- Integrate the changelog generator into the release pipeline [\#182](https://github.com/anchore/syft/issues/182) +- Test DependencyTrack can utilize the CycloneDX report [\#161](https://github.com/anchore/syft/issues/161) +- Extend CycloneDx to use pURL [\#160](https://github.com/anchore/syft/issues/160) +- Add auto-changelog generation [\#159](https://github.com/anchore/syft/issues/159) +- JSON output for version details [\#122](https://github.com/anchore/syft/issues/122) +- Normalize the json image/dir source [\#180](https://github.com/anchore/syft/pull/180) ([wagoodman](https://github.com/wagoodman)) +- Remove duplicate rows from the summary table [\#179](https://github.com/anchore/syft/pull/179) ([wagoodman](https://github.com/wagoodman)) +- Add OCI support + use URI schemes [\#178](https://github.com/anchore/syft/pull/178) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Acceptances tests not indicating failures [\#156](https://github.com/anchore/syft/issues/156) +- Always return a cleanup function from scope [\#183](https://github.com/anchore/syft/pull/183) ([wagoodman](https://github.com/wagoodman)) +- Unpin skopeo during mac acceptance tests [\#176](https://github.com/anchore/syft/pull/176) ([wagoodman](https://github.com/wagoodman)) +- remove accessing tag when not available [\#174](https://github.com/anchore/syft/pull/174) 
([praveenmylavarapu](https://github.com/praveenmylavarapu)) + +**Closed issues:** + +- Expand matching of `requirements.txt` [\#167](https://github.com/anchore/syft/issues/167) +- Document release process [\#132](https://github.com/anchore/syft/issues/132) +- Add arch distro identification [\#49](https://github.com/anchore/syft/issues/49) +- Add suse distro identification [\#48](https://github.com/anchore/syft/issues/48) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.10.0.md b/content/docs/releases/syft/v0.10.0.md index c7a53497..a58d891c 100644 --- a/content/docs/releases/syft/v0.10.0.md +++ b/content/docs/releases/syft/v0.10.0.md 
@@ -11,16 +11,13 @@ description = "Release notes for syft v0.10.0" Version [v0.10.0](https://github.com/anchore/syft/releases/tag/v0.10.0) -## [v0.10.0](https://github.com/anchore/syft/tree/v0.10.0) (2020-12-10) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.9.2...v0.10.0) - - -**Enhancements:** - -- Include in JSON output the raw manifest \(and digest\) from registry if available or a computed manifest \(and digest\) [\#272](https://github.com/anchore/syft/issues/272) -- Add support for uploading SBOM results to Anchore Engine [\#38](https://github.com/anchore/syft/issues/38) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.10.0](https://github.com/anchore/syft/tree/v0.10.0) (2020-12-10) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.9.2...v0.10.0) + +**Enhancements:** + +- Include in JSON output the raw manifest \(and digest\) from registry if available or a computed manifest \(and digest\) [\#272](https://github.com/anchore/syft/issues/272) +- Add support for uploading SBOM results to Anchore Engine [\#38](https://github.com/anchore/syft/issues/38) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.11.0.md b/content/docs/releases/syft/v0.11.0.md index bf1dacfb..33a15752 100644 --- a/content/docs/releases/syft/v0.11.0.md +++ b/content/docs/releases/syft/v0.11.0.md 
@@ -11,22 +11,20 @@ description = "Release notes for syft v0.11.0" Version [v0.11.0](https://github.com/anchore/syft/releases/tag/v0.11.0) -## [v0.11.0](https://github.com/anchore/syft/tree/v0.11.0) (2020-12-18) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.10.0...v0.11.0) - -**Implemented enhancements:** - -- Update dpkg license to only include single-word entries [\#298](https://github.com/anchore/syft/pull/298) ([wagoodman](https://github.com/wagoodman)) -- Incorporate import changes + add image overwrite option [\#294](https://github.com/anchore/syft/pull/294) ([wagoodman](https://github.com/wagoodman)) -- Improve performance of the python cataloger [\#290](https://github.com/anchore/syft/pull/290) ([wagoodman](https://github.com/wagoodman)) -- Sort generated CPEs by specificity [\#289](https://github.com/anchore/syft/pull/289) ([luhring](https://github.com/luhring)) -- Upload SBOM results to Anchore Engine [\#38](https://github.com/anchore/syft/issues/38) - -**Fixed bugs:** - -- Python egg-info may be a directory or file, Syft only looks for directories [\#295](https://github.com/anchore/syft/issues/295) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.11.0](https://github.com/anchore/syft/tree/v0.11.0) (2020-12-18) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.10.0...v0.11.0) + +**Implemented enhancements:** + +- Update dpkg license to only include single-word entries [\#298](https://github.com/anchore/syft/pull/298) ([wagoodman](https://github.com/wagoodman)) +- Incorporate import changes + add image overwrite option [\#294](https://github.com/anchore/syft/pull/294) ([wagoodman](https://github.com/wagoodman)) +- Improve performance of the python cataloger [\#290](https://github.com/anchore/syft/pull/290) ([wagoodman](https://github.com/wagoodman)) +- Sort generated CPEs by specificity 
[\#289](https://github.com/anchore/syft/pull/289) ([luhring](https://github.com/luhring)) +- Upload SBOM results to Anchore Engine [\#38](https://github.com/anchore/syft/issues/38) + +**Fixed bugs:** + +- Python egg-info may be a directory or file, Syft only looks for directories [\#295](https://github.com/anchore/syft/issues/295) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.11.1.md b/content/docs/releases/syft/v0.11.1.md index 03126d4d..580d9907 100644 --- a/content/docs/releases/syft/v0.11.1.md +++ b/content/docs/releases/syft/v0.11.1.md 
@@ -11,13 +11,13 @@ description = "Release notes for syft v0.11.1" Version [v0.11.1](https://github.com/anchore/syft/releases/tag/v0.11.1) -## [v0.11.1](https://github.com/anchore/syft/tree/v0.11.1) (2020-12-23) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.11.0...v0.11.1) - -**Fixed bugs:** - -- Handle site packages based on which egg file is parsed [\#303](https://github.com/anchore/syft/pull/303) ([luhring](https://github.com/luhring)) -- Python runtime is not a Python package itself, ignore it [\#301](https://github.com/anchore/syft/pull/301) ([alfredodeza](https://github.com/alfredodeza)) - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.11.1](https://github.com/anchore/syft/tree/v0.11.1) (2020-12-23) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.11.0...v0.11.1) + +**Fixed bugs:** + +- Handle site packages based on which egg file is parsed [\#303](https://github.com/anchore/syft/pull/303) ([luhring](https://github.com/luhring)) +- Python runtime is not a Python package itself, ignore it [\#301](https://github.com/anchore/syft/pull/301) ([alfredodeza](https://github.com/alfredodeza)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.12.0.md b/content/docs/releases/syft/v0.12.0.md index 977d0ec4..334014c2 100644 --- a/content/docs/releases/syft/v0.12.0.md +++ b/content/docs/releases/syft/v0.12.0.md 
@@ -11,18 +11,16 @@ description = "Release notes for syft v0.12.0" Version [v0.12.0](https://github.com/anchore/syft/releases/tag/v0.12.0) -## [v0.12.0](https://github.com/anchore/syft/tree/v0.12.0) (2021-01-04) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.11.1...v0.12.0) - -**Implemented enhancements:** - -- Bump stereoscope to pull in content API refactors [\#299](https://github.com/anchore/syft/pull/299) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- Fix symlink resolutions for constituent paths [\#304](https://github.com/anchore/syft/pull/304) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.12.0](https://github.com/anchore/syft/tree/v0.12.0) (2021-01-04) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.11.1...v0.12.0) + +**Implemented enhancements:** + +- Bump stereoscope to pull in content API refactors [\#299](https://github.com/anchore/syft/pull/299) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Fix symlink resolutions for constituent paths [\#304](https://github.com/anchore/syft/pull/304) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.12.1.md b/content/docs/releases/syft/v0.12.1.md index 6009c506..bad6d102 100644 --- a/content/docs/releases/syft/v0.12.1.md +++ b/content/docs/releases/syft/v0.12.1.md 
@@ -11,15 +11,13 @@ description = "Release notes for syft v0.12.1" Version [v0.12.1](https://github.com/anchore/syft/releases/tag/v0.12.1) -## [v0.12.1](https://github.com/anchore/syft/tree/v0.12.1) (2021-01-05) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.12.0...v0.12.1) - -**Fixed bugs:** - -- Update gemspec glob to include named nested specification directories [\#306](https://github.com/anchore/syft/pull/306) ([wagoodman](https://github.com/wagoodman)) -- Add HasPath\(\) to Resolver interface for existence check [\#305](https://github.com/anchore/syft/pull/305) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.12.1](https://github.com/anchore/syft/tree/v0.12.1) (2021-01-05) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.12.0...v0.12.1) + +**Fixed bugs:** + +- Update gemspec glob to include named nested specification directories [\#306](https://github.com/anchore/syft/pull/306) ([wagoodman](https://github.com/wagoodman)) +- Add HasPath\(\) to Resolver interface for existence check [\#305](https://github.com/anchore/syft/pull/305) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.12.2.md b/content/docs/releases/syft/v0.12.2.md index a619aed8..549678c7 100644 --- a/content/docs/releases/syft/v0.12.2.md +++ b/content/docs/releases/syft/v0.12.2.md 
@@ -11,15 +11,13 @@ description = "Release notes for syft v0.12.2" Version [v0.12.2](https://github.com/anchore/syft/releases/tag/v0.12.2) -## [v0.12.2](https://github.com/anchore/syft/tree/v0.12.2) (2021-01-06) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.12.1...v0.12.2) - -**Fixed bugs:** - -- Prefer real paths over those with links for glob results [\#308](https://github.com/anchore/syft/pull/308) ([wagoodman](https://github.com/wagoodman)) -- Duplicate reference readers for duplicate location resolutions [\#307](https://github.com/anchore/syft/pull/307) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.12.2](https://github.com/anchore/syft/tree/v0.12.2) (2021-01-06) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.12.1...v0.12.2) + +**Fixed bugs:** + +- Prefer real paths over those with links for glob results [\#308](https://github.com/anchore/syft/pull/308) ([wagoodman](https://github.com/wagoodman)) +- Duplicate reference readers for duplicate location resolutions [\#307](https://github.com/anchore/syft/pull/307) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.12.3.md b/content/docs/releases/syft/v0.12.3.md index d680971f..68f47b37 100644 --- a/content/docs/releases/syft/v0.12.3.md +++ b/content/docs/releases/syft/v0.12.3.md 
@@ -11,14 +11,12 @@ description = "Release notes for syft v0.12.3" Version [v0.12.3](https://github.com/anchore/syft/releases/tag/v0.12.3) -## [v0.12.3](https://github.com/anchore/syft/tree/v0.12.3) (2021-01-22) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.12.2...v0.12.3) - -**Fixed bugs:** - -- Partial package.json files lead to empty packages in output [\#311](https://github.com/anchore/syft/issues/311) ([luhring](https://github.com/luhring)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.12.3](https://github.com/anchore/syft/tree/v0.12.3) (2021-01-22) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.12.2...v0.12.3) + +**Fixed bugs:** + +- Partial package.json files lead to empty packages in output [\#311](https://github.com/anchore/syft/issues/311) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.12.4.md b/content/docs/releases/syft/v0.12.4.md index ccf7ec89..be0e31cf 100644 --- a/content/docs/releases/syft/v0.12.4.md +++ b/content/docs/releases/syft/v0.12.4.md 
@@ -11,14 +11,12 @@ description = "Release notes for syft v0.12.4" Version [v0.12.4](https://github.com/anchore/syft/releases/tag/v0.12.4) -## [v0.12.4](https://github.com/anchore/syft/tree/v0.12.4) (2021-01-27) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.12.3...v0.12.4) - -**Fixed bugs:** - -- SIGSEGV in discoverPkgsFromPomProperties on parsing Java pom.properties [\#252](https://github.com/anchore/syft/issues/252) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.12.4](https://github.com/anchore/syft/tree/v0.12.4) (2021-01-27) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.12.3...v0.12.4) + +**Fixed bugs:** + +- SIGSEGV in discoverPkgsFromPomProperties on parsing Java pom.properties [\#252](https://github.com/anchore/syft/issues/252) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.12.5.md b/content/docs/releases/syft/v0.12.5.md index ebe5beb0..9beca388 100644 --- a/content/docs/releases/syft/v0.12.5.md +++ b/content/docs/releases/syft/v0.12.5.md 
@@ -11,14 +11,12 @@ description = "Release notes for syft v0.12.5" Version [v0.12.5](https://github.com/anchore/syft/releases/tag/v0.12.5) -## [v0.12.5](https://github.com/anchore/syft/tree/v0.12.5) (2021-02-01) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.12.4...v0.12.5) - -**Fixed bugs:** - -- Bring in fix from stereoscope for zero-layers panic [\#316](https://github.com/anchore/syft/pull/316) ([luhring](https://github.com/luhring)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.12.5](https://github.com/anchore/syft/tree/v0.12.5) (2021-02-01) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.12.4...v0.12.5) + +**Fixed bugs:** + +- Bring in fix from stereoscope for zero-layers panic [\#316](https://github.com/anchore/syft/pull/316) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.12.6.md b/content/docs/releases/syft/v0.12.6.md index 1ec04c60..781421c3 100644 --- a/content/docs/releases/syft/v0.12.6.md +++ b/content/docs/releases/syft/v0.12.6.md 
@@ -11,14 +11,12 @@ description = "Release notes for syft v0.12.6" Version [v0.12.6](https://github.com/anchore/syft/releases/tag/v0.12.6) -## [v0.12.6](https://github.com/anchore/syft/tree/v0.12.6) (2021-02-05) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.12.5...v0.12.6) - -**Fixed bugs:** - -- Missing support for path prefixes during import to Anchore API [\#315](https://github.com/anchore/syft/issues/315) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.12.6](https://github.com/anchore/syft/tree/v0.12.6) (2021-02-05) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.12.5...v0.12.6) + +**Fixed bugs:** + +- Missing support for path prefixes during import to Anchore API [\#315](https://github.com/anchore/syft/issues/315) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.12.7.md b/content/docs/releases/syft/v0.12.7.md index bba24d37..34e94c9e 100644 --- a/content/docs/releases/syft/v0.12.7.md +++ b/content/docs/releases/syft/v0.12.7.md 
@@ -11,15 +11,13 @@ description = "Release notes for syft v0.12.7" Version [v0.12.7](https://github.com/anchore/syft/releases/tag/v0.12.7) -## [v0.12.7](https://github.com/anchore/syft/tree/v0.12.7) (2021-02-17) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.12.6...v0.12.7) - -**Fixed bugs:** - -- Be lenient on invalid fields in PKG-INFO [\#328](https://github.com/anchore/syft/pull/328) ([alfredodeza](https://github.com/alfredodeza)) -- Add handling of interrupting signals to the UI [\#324](https://github.com/anchore/syft/pull/324) ([luhring](https://github.com/luhring)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.12.7](https://github.com/anchore/syft/tree/v0.12.7) (2021-02-17) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.12.6...v0.12.7) + +**Fixed bugs:** + +- Be lenient on invalid fields in PKG-INFO [\#328](https://github.com/anchore/syft/pull/328) ([alfredodeza](https://github.com/alfredodeza)) +- Add handling of interrupting signals to the UI [\#324](https://github.com/anchore/syft/pull/324) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.13.0.md b/content/docs/releases/syft/v0.13.0.md index 4f59f09a..6b3b65a0 100644 --- a/content/docs/releases/syft/v0.13.0.md +++ b/content/docs/releases/syft/v0.13.0.md 
@@ -11,19 +11,17 @@ description = "Release notes for syft v0.13.0" Version [v0.13.0](https://github.com/anchore/syft/releases/tag/v0.13.0) -## [v0.13.0](https://github.com/anchore/syft/tree/v0.13.0) (2021-02-25) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.12.7...v0.13.0) - -**Implemented enhancements:** - -- Add package relationships and add ownership-by-file-overlap relationship [\#326](https://github.com/anchore/syft/issues/326) [\#198](https://github.com/anchore/syft/issues/198) [\#329](https://github.com/anchore/syft/pull/329) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- Failure when working on `odoo:latest` [\#309](https://github.com/anchore/syft/issues/309) -- global incremental ID creates issues for consumers [\#166](https://github.com/anchore/syft/issues/166) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.13.0](https://github.com/anchore/syft/tree/v0.13.0) (2021-02-25) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.12.7...v0.13.0) + +**Implemented enhancements:** + +- Add package relationships and add ownership-by-file-overlap relationship [\#326](https://github.com/anchore/syft/issues/326) [\#198](https://github.com/anchore/syft/issues/198) [\#329](https://github.com/anchore/syft/pull/329) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Failure when working on `odoo:latest` [\#309](https://github.com/anchore/syft/issues/309) +- global incremental ID creates issues for consumers [\#166](https://github.com/anchore/syft/issues/166) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.13.1.md b/content/docs/releases/syft/v0.13.1.md index 2f5d9da2..df6770c4 100644 --- a/content/docs/releases/syft/v0.13.1.md 
+++ b/content/docs/releases/syft/v0.13.1.md @@ -11,14 +11,12 @@ description = "Release notes for syft v0.13.1" Version [v0.13.1](https://github.com/anchore/syft/releases/tag/v0.13.1) -## [v0.13.1](https://github.com/anchore/syft/tree/v0.13.1) (2021-02-26) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.13.0...v0.13.1) - -**Fixed bugs:** - -- Ignore ownership for shared copyright resources [\#334](https://github.com/anchore/syft/pull/334) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.13.1](https://github.com/anchore/syft/tree/v0.13.1) (2021-02-26) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.13.0...v0.13.1) + +**Fixed bugs:** + +- Ignore ownership for shared copyright resources [\#334](https://github.com/anchore/syft/pull/334) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.14.0.md b/content/docs/releases/syft/v0.14.0.md index 84861ccd..8f83d083 100644 --- a/content/docs/releases/syft/v0.14.0.md +++ b/content/docs/releases/syft/v0.14.0.md 
@@ -11,20 +11,18 @@ description = "Release notes for syft v0.14.0" Version [v0.14.0](https://github.com/anchore/syft/releases/tag/v0.14.0) -## [v0.14.0](https://github.com/anchore/syft/tree/v0.14.0) (2021-03-20) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.13.1...v0.14.0) - -**Implemented enhancements:** - -- Add Docker image to release process [\#344](https://github.com/anchore/syft/pull/344) ([wagoodman](https://github.com/wagoodman)) -- Added Photon OS to the list of distros [\#341](https://github.com/anchore/syft/pull/341) ([thehh1974](https://github.com/thehh1974)) -- Add distroless image identification [\#44](https://github.com/anchore/syft/issues/44) - -**Fixed bugs:** - -- Allow for multiple pom.properties delimiters [\#349](https://github.com/anchore/syft/issues/349) [\#348](https://github.com/anchore/syft/pull/348) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.14.0](https://github.com/anchore/syft/tree/v0.14.0) (2021-03-20) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.13.1...v0.14.0) + +**Implemented enhancements:** + +- Add Docker image to release process [\#344](https://github.com/anchore/syft/pull/344) ([wagoodman](https://github.com/wagoodman)) +- Added Photon OS to the list of distros [\#341](https://github.com/anchore/syft/pull/341) ([thehh1974](https://github.com/thehh1974)) +- Add distroless image identification [\#44](https://github.com/anchore/syft/issues/44) + +**Fixed bugs:** + +- Allow for multiple pom.properties delimiters [\#349](https://github.com/anchore/syft/issues/349) [\#348](https://github.com/anchore/syft/pull/348) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ 
diff --git a/content/docs/releases/syft/v0.15.1.md b/content/docs/releases/syft/v0.15.1.md index a9f3a4db..cf9bd8ba 100644 --- a/content/docs/releases/syft/v0.15.1.md +++ b/content/docs/releases/syft/v0.15.1.md 
@@ -11,49 +11,46 @@ description = "Release notes for syft v0.15.1" Version [v0.15.1](https://github.com/anchore/syft/releases/tag/v0.15.1) -## [v0.15.1](https://github.com/anchore/syft/tree/v0.15.1) (2021-04-22) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.15.0...v0.14.0) - - -**Implemented enhancements:** - -- Account for known mappings of package name to CPE products [\#393](https://github.com/anchore/syft/issues/393) -- Implement binary package identification [\#372](https://github.com/anchore/syft/issues/372) -- Report package DB verification metadata [\#371](https://github.com/anchore/syft/issues/371) -- Implement selective "retrieve files" cataloger [\#369](https://github.com/anchore/syft/issues/369) -- Add hyphen replacement in CPE generator [\#361](https://github.com/anchore/syft/issues/361) -- Cataloger for Rust crates from Cargo.lock [\#338](https://github.com/anchore/syft/issues/338) -- Add file metadata cataloger [\#335](https://github.com/anchore/syft/issues/335) -- Introduce an additional command line switch so that syft command understands I am passing a directory [\#277](https://github.com/anchore/syft/issues/277) -- Add for known bad CPE field combinations for jenkins package [\#405](https://github.com/anchore/syft/pull/405) ([wagoodman](https://github.com/wagoodman)) -- Add additional cases for categorizing jenkins package type by group id [\#404](https://github.com/anchore/syft/pull/404) ([wagoodman](https://github.com/wagoodman)) -- Enhance CPE generation for java GroupId and filtering [\#402](https://github.com/anchore/syft/pull/402) ([wagoodman](https://github.com/wagoodman)) -- Add hyphen replacement logic for CPE generation [\#397](https://github.com/anchore/syft/pull/397) ([wagoodman](https://github.com/wagoodman)) -- Add ability to pull images directly from a registry [\#378](https://github.com/anchore/syft/pull/378) ([wagoodman](https://github.com/wagoodman)) -- Add secrets cataloger 
[\#362](https://github.com/anchore/syft/issues/362) - -**Fixed bugs:** - -- Using pom groupId leading to bad CPEs for plugins, leading to false positives [\#395](https://github.com/anchore/syft/issues/395) -- Registry credentials should require username and password [\#385](https://github.com/anchore/syft/issues/385) -- Malformed Python package metadata can cause parse failure [\#365](https://github.com/anchore/syft/issues/365) -- Java cataloger missing packages when parsing partially fails [\#349](https://github.com/anchore/syft/issues/349) -- Syft BOM ordering is not always consistent [\#331](https://github.com/anchore/syft/issues/331) -- Update parent pom persistence with regard to shaded jars [\#403](https://github.com/anchore/syft/pull/403) ([wagoodman](https://github.com/wagoodman)) -- Refactor pom properties handling relative to parent package [\#392](https://github.com/anchore/syft/pull/392) ([wagoodman](https://github.com/wagoodman)) -- Safely join paths derived from archive headers [\#386](https://github.com/anchore/syft/pull/386) ([wagoodman](https://github.com/wagoodman)) -- Add manifest + repo digests on registry source [\#382](https://github.com/anchore/syft/pull/382) ([wagoodman](https://github.com/wagoodman)) -- Ensure credentials are not HTML encoded [\#368](https://github.com/anchore/syft/pull/368) ([wagoodman](https://github.com/wagoodman)) -- Ensure pkg.Catalog path index deduplicates real vs virtual paths [\#356](https://github.com/anchore/syft/pull/356) ([wagoodman](https://github.com/wagoodman)) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:latest` -- `docker pull anchore/syft:v0.15.1` -- `docker pull anchore/syft:v0` +## [v0.15.1](https://github.com/anchore/syft/tree/v0.15.1) (2021-04-22) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.15.0...v0.14.0) + 
+**Implemented enhancements:** + +- Account for known mappings of package name to CPE products [\#393](https://github.com/anchore/syft/issues/393) +- Implement binary package identification [\#372](https://github.com/anchore/syft/issues/372) +- Report package DB verification metadata [\#371](https://github.com/anchore/syft/issues/371) +- Implement selective "retrieve files" cataloger [\#369](https://github.com/anchore/syft/issues/369) +- Add hyphen replacement in CPE generator [\#361](https://github.com/anchore/syft/issues/361) +- Cataloger for Rust crates from Cargo.lock [\#338](https://github.com/anchore/syft/issues/338) +- Add file metadata cataloger [\#335](https://github.com/anchore/syft/issues/335) +- Introduce an additional command line switch so that syft command understands I am passing a directory [\#277](https://github.com/anchore/syft/issues/277) +- Add for known bad CPE field combinations for jenkins package [\#405](https://github.com/anchore/syft/pull/405) ([wagoodman](https://github.com/wagoodman)) +- Add additional cases for categorizing jenkins package type by group id [\#404](https://github.com/anchore/syft/pull/404) ([wagoodman](https://github.com/wagoodman)) +- Enhance CPE generation for java GroupId and filtering [\#402](https://github.com/anchore/syft/pull/402) ([wagoodman](https://github.com/wagoodman)) +- Add hyphen replacement logic for CPE generation [\#397](https://github.com/anchore/syft/pull/397) ([wagoodman](https://github.com/wagoodman)) +- Add ability to pull images directly from a registry [\#378](https://github.com/anchore/syft/pull/378) ([wagoodman](https://github.com/wagoodman)) +- Add secrets cataloger [\#362](https://github.com/anchore/syft/issues/362) + +**Fixed bugs:** + +- Using pom groupId leading to bad CPEs for plugins, leading to false positives [\#395](https://github.com/anchore/syft/issues/395) +- Registry credentials should require username and password [\#385](https://github.com/anchore/syft/issues/385) +- Malformed 
Python package metadata can cause parse failure [\#365](https://github.com/anchore/syft/issues/365) +- Java cataloger missing packages when parsing partially fails [\#349](https://github.com/anchore/syft/issues/349) +- Syft BOM ordering is not always consistent [\#331](https://github.com/anchore/syft/issues/331) +- Update parent pom persistence with regard to shaded jars [\#403](https://github.com/anchore/syft/pull/403) ([wagoodman](https://github.com/wagoodman)) +- Refactor pom properties handling relative to parent package [\#392](https://github.com/anchore/syft/pull/392) ([wagoodman](https://github.com/wagoodman)) +- Safely join paths derived from archive headers [\#386](https://github.com/anchore/syft/pull/386) ([wagoodman](https://github.com/wagoodman)) +- Add manifest + repo digests on registry source [\#382](https://github.com/anchore/syft/pull/382) ([wagoodman](https://github.com/wagoodman)) +- Ensure credentials are not HTML encoded [\#368](https://github.com/anchore/syft/pull/368) ([wagoodman](https://github.com/wagoodman)) +- Ensure pkg.Catalog path index deduplicates real vs virtual paths [\#356](https://github.com/anchore/syft/pull/356) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:latest` +- `docker pull anchore/syft:v0.15.1` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.15` diff --git a/content/docs/releases/syft/v0.15.2.md b/content/docs/releases/syft/v0.15.2.md index d0663f5c..faac85cb 100644 --- a/content/docs/releases/syft/v0.15.2.md +++ b/content/docs/releases/syft/v0.15.2.md 
@@ -11,22 +11,19 @@ description = "Release notes for syft v0.15.2" Version [v0.15.2](https://github.com/anchore/syft/releases/tag/v0.15.2) -## [v0.15.2](https://github.com/anchore/syft/tree/v0.15.2) (2021-05-12) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.15.1...v0.15.2) - -**Fixed bugs:** - -- Close all ReadClosers explicitly retrieved from resolvers [\#414](https://github.com/anchore/syft/pull/414) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:latest` -- `docker pull anchore/syft:v0.15.2` -- `docker pull anchore/syft:v0` +## [v0.15.2](https://github.com/anchore/syft/tree/v0.15.2) (2021-05-12) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.15.1...v0.15.2) + +**Fixed bugs:** + +- Close all ReadClosers explicitly retrieved from resolvers [\#414](https://github.com/anchore/syft/pull/414) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:latest` +- `docker pull anchore/syft:v0.15.2` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.15` diff --git a/content/docs/releases/syft/v0.16.1.md b/content/docs/releases/syft/v0.16.1.md index 7a243457..dbbbb169 100644 --- a/content/docs/releases/syft/v0.16.1.md +++ b/content/docs/releases/syft/v0.16.1.md 
@@ -11,28 +11,25 @@ description = "Release notes for syft v0.16.1" Version [v0.16.1](https://github.com/anchore/syft/releases/tag/v0.16.1) -## [v0.16.1](https://github.com/anchore/syft/tree/v0.16.1) (2021-05-25) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.16.0...v0.16.1) - -**Implemented enhancements:** - -- Add all package metadata types slice for use in downstream testing [\#418](https://github.com/anchore/syft/pull/418) -- Add config option for import timeout [\#421](https://github.com/anchore/syft/pull/421) ([luhring](https://github.com/luhring)) - -**Fixed bugs:** - -- Allow registry auth config without authority value [\#420](https://github.com/anchore/syft/pull/420) ([luhring](https://github.com/luhring)) -- Fix go mod tidy release problem [\#422](https://github.com/anchore/syft/pull/422) ([luhring](https://github.com/luhring)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:latest` -- `docker pull anchore/syft:v0.16.1` -- `docker pull anchore/syft:v0` +## [v0.16.1](https://github.com/anchore/syft/tree/v0.16.1) (2021-05-25) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.16.0...v0.16.1) + +**Implemented enhancements:** + +- Add all package metadata types slice for use in downstream testing [\#418](https://github.com/anchore/syft/pull/418) +- Add config option for import timeout [\#421](https://github.com/anchore/syft/pull/421) ([luhring](https://github.com/luhring)) + +**Fixed bugs:** + +- Allow registry auth config without authority value [\#420](https://github.com/anchore/syft/pull/420) ([luhring](https://github.com/luhring)) +- Fix go mod tidy release problem [\#422](https://github.com/anchore/syft/pull/422) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by 
[github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:latest` +- `docker pull anchore/syft:v0.16.1` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.16` diff --git a/content/docs/releases/syft/v0.17.0.md b/content/docs/releases/syft/v0.17.0.md index a7a93c38..a5d81e1e 100644 --- a/content/docs/releases/syft/v0.17.0.md +++ b/content/docs/releases/syft/v0.17.0.md 
@@ -11,27 +11,24 @@ description = "Release notes for syft v0.17.0" Version [v0.17.0](https://github.com/anchore/syft/releases/tag/v0.17.0) -## [v0.17.0](https://github.com/anchore/syft/tree/v0.17.0) (2021-06-04) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.16.1...v0.17.0) - -**Implemented enhancements:** - -- Improve discovery of app.jar packaging \(self-executing Jars\) [\#413](https://github.com/anchore/syft/issues/413) -- Report Epoch in RPM version [\#408](https://github.com/anchore/syft/issues/408) - -**Fixed bugs:** - -- How to join the Anchore Community Slack? [\#423](https://github.com/anchore/syft/issues/423) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:latest` -- `docker pull anchore/syft:v0.17.0` -- `docker pull anchore/syft:v0` +## [v0.17.0](https://github.com/anchore/syft/tree/v0.17.0) (2021-06-04) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.16.1...v0.17.0) + +**Implemented enhancements:** + +- Improve discovery of app.jar packaging \(self-executing Jars\) [\#413](https://github.com/anchore/syft/issues/413) +- Report Epoch in RPM version [\#408](https://github.com/anchore/syft/issues/408) + +**Fixed bugs:** + +- How to join the Anchore Community Slack? [\#423](https://github.com/anchore/syft/issues/423) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:latest` +- `docker pull anchore/syft:v0.17.0` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.17` diff --git a/content/docs/releases/syft/v0.17.1.md b/content/docs/releases/syft/v0.17.1.md index 55c2ee44..0af0cb92 100644 --- a/content/docs/releases/syft/v0.17.1.md +++ b/content/docs/releases/syft/v0.17.1.md 
@@ -11,22 +11,19 @@ description = "Release notes for syft v0.17.1" Version [v0.17.1](https://github.com/anchore/syft/releases/tag/v0.17.1) -## [v0.17.1](https://github.com/anchore/syft/tree/v0.17.1) (2021-06-19) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.17.0...v0.17.1) - -**Fixed bugs:** - -- Incorrect version detection for NPM packages found via yarn.lock [\#430](https://github.com/anchore/syft/issues/430) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:latest` -- `docker pull anchore/syft:v0.17.1` -- `docker pull anchore/syft:v0` +## [v0.17.1](https://github.com/anchore/syft/tree/v0.17.1) (2021-06-19) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.17.0...v0.17.1) + +**Fixed bugs:** + +- Incorrect version detection for NPM packages found via yarn.lock [\#430](https://github.com/anchore/syft/issues/430) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:latest` +- `docker pull anchore/syft:v0.17.1` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.17` diff --git a/content/docs/releases/syft/v0.18.0.md b/content/docs/releases/syft/v0.18.0.md index 253c325c..9a22249c 100644 --- a/content/docs/releases/syft/v0.18.0.md +++ b/content/docs/releases/syft/v0.18.0.md 
@@ -11,27 +11,24 @@ description = "Release notes for syft v0.18.0" Version [v0.18.0](https://github.com/anchore/syft/releases/tag/v0.18.0) -## [v0.18.0](https://github.com/anchore/syft/tree/v0.18.0) (2021-06-29) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.17.1...v0.18.0) - -**Implemented enhancements:** - -- Add support for SPDX SBOM format [\#213](https://github.com/anchore/syft/issues/213) -- Split UI from event handling [\#448](https://github.com/anchore/syft/pull/448) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- Disk space not freed after syft command [\#416](https://github.com/anchore/syft/issues/416) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:latest` -- `docker pull anchore/syft:v0.18.0` -- `docker pull anchore/syft:v0` +## [v0.18.0](https://github.com/anchore/syft/tree/v0.18.0) (2021-06-29) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.17.1...v0.18.0) + +**Implemented enhancements:** + +- Add support for SPDX SBOM format [\#213](https://github.com/anchore/syft/issues/213) +- Split UI from event handling [\#448](https://github.com/anchore/syft/pull/448) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Disk space not freed after syft command [\#416](https://github.com/anchore/syft/issues/416) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:latest` +- `docker pull anchore/syft:v0.18.0` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.18` diff --git a/content/docs/releases/syft/v0.19.0.md b/content/docs/releases/syft/v0.19.0.md index 605c379a..943957ca 100644 --- a/content/docs/releases/syft/v0.19.0.md +++ b/content/docs/releases/syft/v0.19.0.md 
@@ -11,24 +11,23 @@ description = "Release notes for syft v0.19.0" Version [v0.19.0](https://github.com/anchore/syft/releases/tag/v0.19.0) -## [v0.19.0](https://github.com/anchore/syft/tree/v0.19.0) (2021-06-29) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.18.0...v0.19.0) - -**Enhancements:** -- Support Scanning a root filesystem [\#283](https://github.com/anchore/syft/issues/283) - -**Fixed bugs:** -- Disk space not freed after syft command [\#416](https://github.com/anchore/syft/issues/416) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:latest` -- `docker pull anchore/syft:v0.19.0` -- `docker pull anchore/syft:v0` +## [v0.19.0](https://github.com/anchore/syft/tree/v0.19.0) (2021-06-29) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.18.0...v0.19.0) + +**Enhancements:** + +- Support Scanning a root filesystem [\#283](https://github.com/anchore/syft/issues/283) + +**Fixed bugs:** + +- Disk space not freed after syft command [\#416](https://github.com/anchore/syft/issues/416) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:latest` +- `docker pull anchore/syft:v0.19.0` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.19` diff --git a/content/docs/releases/syft/v0.19.1.md b/content/docs/releases/syft/v0.19.1.md index 1c5d1abc..61b494ca 100644 --- a/content/docs/releases/syft/v0.19.1.md +++ b/content/docs/releases/syft/v0.19.1.md 
@@ -11,23 +11,20 @@ description = "Release notes for syft v0.19.1" Version [v0.19.1](https://github.com/anchore/syft/releases/tag/v0.19.1) -## [v0.19.1](https://github.com/anchore/syft/tree/v0.19.1) (2021-06-30) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.19.0...v0.19.1) - -**Fixed bugs:** - -- Redirect cursor hide/show to stderr [\#456](https://github.com/anchore/syft/pull/456) ([wagoodman](https://github.com/wagoodman)) -- Add help message when no arguments are provided [\#455](https://github.com/anchore/syft/pull/455) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:latest` -- `docker pull anchore/syft:v0.19.1` -- `docker pull anchore/syft:v0` +## [v0.19.1](https://github.com/anchore/syft/tree/v0.19.1) (2021-06-30) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.19.0...v0.19.1) + +**Fixed bugs:** + +- Redirect cursor hide/show to stderr [\#456](https://github.com/anchore/syft/pull/456) ([wagoodman](https://github.com/wagoodman)) +- Add help message when no arguments are provided [\#455](https://github.com/anchore/syft/pull/455) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:latest` +- `docker pull anchore/syft:v0.19.1` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.19` diff --git a/content/docs/releases/syft/v0.2.0.md b/content/docs/releases/syft/v0.2.0.md index 264162a6..d525f618 100644 --- a/content/docs/releases/syft/v0.2.0.md +++ b/content/docs/releases/syft/v0.2.0.md 
@@ -11,18 +11,17 @@ description = "Release notes for syft v0.2.0" Version [v0.2.0](https://github.com/anchore/syft/releases/tag/v0.2.0) -## [v0.2.0](https://github.com/anchore/syft/tree/v0.2.0) (2020-10-08) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.1.0...v0.2.0) - -**Implemented enhancements:** - -- Support cataloging `gemspec` files [\#197](https://github.com/anchore/syft/issues/197) -- Fix acceptance tests & add notification upon failures [\#204](https://github.com/anchore/syft/pull/204) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- Add acceptance test to cover gem cataloger [\#207](https://github.com/anchore/syft/pull/207) ([wagoodman](https://github.com/wagoodman)) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.2.0](https://github.com/anchore/syft/tree/v0.2.0) (2020-10-08) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.1.0...v0.2.0) + +**Implemented enhancements:** + +- Support cataloging `gemspec` files [\#197](https://github.com/anchore/syft/issues/197) +- Fix acceptance tests & add notification upon failures [\#204](https://github.com/anchore/syft/pull/204) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Add acceptance test to cover gem cataloger [\#207](https://github.com/anchore/syft/pull/207) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.20.0.md b/content/docs/releases/syft/v0.20.0.md index 8b1756b7..204ca279 100644 --- a/content/docs/releases/syft/v0.20.0.md +++ b/content/docs/releases/syft/v0.20.0.md 
@@ -11,29 +11,26 @@ description = "Release notes for syft v0.20.0" Version [v0.20.0](https://github.com/anchore/syft/releases/tag/v0.20.0) -## [v0.20.0](https://github.com/anchore/syft/tree/v0.20.0) (2021-08-18) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.19.1...v0.20.0) - -**Implemented enhancements:** - -- Enhance CPE generation to improve downstream matching in grype [\#471](https://github.com/anchore/syft/issues/471) -- Add option to enable http connection to registries [\#482](https://github.com/anchore/syft/pull/482) ([kzantow](https://github.com/kzantow)) - -**Fixed bugs:** - -- Running syft without arguments doesn't display help text [\#454](https://github.com/anchore/syft/issues/454) -- Use of asterisk in CPEs leading to many false positives in vulnerability matching in grype [\#396](https://github.com/anchore/syft/issues/396) -- Fix directory resolver indexer to report one progressable object [\#457](https://github.com/anchore/syft/pull/457) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:latest` -- `docker pull anchore/syft:v0.20.0` -- `docker pull anchore/syft:v0` +## [v0.20.0](https://github.com/anchore/syft/tree/v0.20.0) (2021-08-18) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.19.1...v0.20.0) + +**Implemented enhancements:** + +- Enhance CPE generation to improve downstream matching in grype [\#471](https://github.com/anchore/syft/issues/471) +- Add option to enable http connection to registries [\#482](https://github.com/anchore/syft/pull/482) ([kzantow](https://github.com/kzantow)) + +**Fixed bugs:** + +- Running syft without arguments doesn't display help text [\#454](https://github.com/anchore/syft/issues/454) +- Use of asterisk in CPEs leading to many false positives in vulnerability matching in grype 
[\#396](https://github.com/anchore/syft/issues/396) +- Fix directory resolver indexer to report one progressable object [\#457](https://github.com/anchore/syft/pull/457) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:latest` +- `docker pull anchore/syft:v0.20.0` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.20` diff --git a/content/docs/releases/syft/v0.21.0.md b/content/docs/releases/syft/v0.21.0.md index 6f45ae81..4d4a017e 100644 --- a/content/docs/releases/syft/v0.21.0.md +++ b/content/docs/releases/syft/v0.21.0.md 
@@ -11,25 +11,23 @@ description = "Release notes for syft v0.21.0" Version [v0.21.0](https://github.com/anchore/syft/releases/tag/v0.21.0) -## [v0.21.0](https://github.com/anchore/syft/tree/v0.21.0) (2021-08-20) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.20.0...v0.21.0) - -**Implemented enhancements:** - -- Add Pipenv support \(Pipfile.lock\) [\#242](https://github.com/anchore/syft/issues/242) - -**Fixed bugs:** - -- Only "top level" lock files should be inspected for NPM packages [\#431](https://github.com/anchore/syft/issues/431) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:latest` -- `docker pull anchore/syft:v0.21.0` -- `docker pull anchore/syft:v0` +## [v0.21.0](https://github.com/anchore/syft/tree/v0.21.0) (2021-08-20) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.20.0...v0.21.0) + +**Implemented enhancements:** + +- Add Pipenv support \(Pipfile.lock\) [\#242](https://github.com/anchore/syft/issues/242) + +**Fixed bugs:** + +- Only "top level" lock files should be inspected for NPM packages [\#431](https://github.com/anchore/syft/issues/431) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:latest` +- `docker pull anchore/syft:v0.21.0` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.21` diff --git a/content/docs/releases/syft/v0.23.0.md b/content/docs/releases/syft/v0.23.0.md index 05a5c936..fdcf753e 100644 --- a/content/docs/releases/syft/v0.23.0.md +++ b/content/docs/releases/syft/v0.23.0.md 
@@ -11,30 +11,27 @@ description = "Release notes for syft v0.23.0" Version [v0.23.0](https://github.com/anchore/syft/releases/tag/v0.23.0) -## [v0.23.0](https://github.com/anchore/syft/tree/v0.23.0) (2021-09-13) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.21.0...v0.23.0) - -**Implemented enhancements:** - -- Allow syft to populate distro data for all types [\#499](https://github.com/anchore/syft/issues/499) -- Add directory source to power-user subcommand [\#467](https://github.com/anchore/syft/pull/467) ([houdini91](https://github.com/houdini91)) -- Updated the distro package to include SLES [\#489](https://github.com/anchore/syft/pull/489) ([Toure](https://github.com/Toure)) -- Modify CPE vendor candidate generation approach [\#484](https://github.com/anchore/syft/pull/484) ([wagoodman](https://github.com/wagoodman)) - - -**Fixed bugs:** - -- Distro not detected for centos:6 [\#429](https://github.com/anchore/syft/issues/429) -- On a purl a name must be a percent-encoded string [\#351](https://github.com/anchore/syft/issues/351) -- Cataloging root dir takes a very long time [\#119](https://github.com/anchore/syft/issues/119) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:v0.23.0` -- `docker pull anchore/syft:v0` +## [v0.23.0](https://github.com/anchore/syft/tree/v0.23.0) (2021-09-13) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.21.0...v0.23.0) + +**Implemented enhancements:** + +- Allow syft to populate distro data for all types [\#499](https://github.com/anchore/syft/issues/499) +- Add directory source to power-user subcommand [\#467](https://github.com/anchore/syft/pull/467) ([houdini91](https://github.com/houdini91)) +- Updated the distro package to include SLES [\#489](https://github.com/anchore/syft/pull/489) ([Toure](https://github.com/Toure)) +- Modify CPE 
vendor candidate generation approach [\#484](https://github.com/anchore/syft/pull/484) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Distro not detected for centos:6 [\#429](https://github.com/anchore/syft/issues/429) +- On a purl a name must be a percent-encoded string [\#351](https://github.com/anchore/syft/issues/351) +- Cataloging root dir takes a very long time [\#119](https://github.com/anchore/syft/issues/119) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:v0.23.0` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.23` diff --git a/content/docs/releases/syft/v0.24.0.md b/content/docs/releases/syft/v0.24.0.md index be71c386..fc1ec5c3 100644 --- a/content/docs/releases/syft/v0.24.0.md +++ b/content/docs/releases/syft/v0.24.0.md 
@@ -11,26 +11,23 @@ description = "Release notes for syft v0.24.0" Version [v0.24.0](https://github.com/anchore/syft/releases/tag/v0.24.0) -## [v0.24.0](https://github.com/anchore/syft/tree/v0.24.0) (2021-09-23) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.23.0...v0.24.0) - -**Implemented enhancements:** - -- Populate Files and Relationship fields for spdx-json output [\#507](https://github.com/anchore/syft/pull/507) ([spiffcs](https://github.com/spiffcs)) - -**Fixed bugs:** - -- Filter out CPE product candidates that are asterisks [\#513](https://github.com/anchore/syft/pull/513) ([wagoodman](https://github.com/wagoodman)) -- lower log file permissions to 0644 [\#511](https://github.com/anchore/syft/pull/511) ([spiffcs](https://github.com/spiffcs)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:v0.24.0` -- `docker pull anchore/syft:v0` +## [v0.24.0](https://github.com/anchore/syft/tree/v0.24.0) (2021-09-23) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.23.0...v0.24.0) + +**Implemented enhancements:** + +- Populate Files and Relationship fields for spdx-json output [\#507](https://github.com/anchore/syft/pull/507) ([spiffcs](https://github.com/spiffcs)) + +**Fixed bugs:** + +- Filter out CPE product candidates that are asterisks [\#513](https://github.com/anchore/syft/pull/513) ([wagoodman](https://github.com/wagoodman)) +- lower log file permissions to 0644 [\#511](https://github.com/anchore/syft/pull/511) ([spiffcs](https://github.com/spiffcs)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:v0.24.0` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.24` 
diff --git a/content/docs/releases/syft/v0.24.1.md b/content/docs/releases/syft/v0.24.1.md index 46162f29..b5318241 100644 --- a/content/docs/releases/syft/v0.24.1.md +++ b/content/docs/releases/syft/v0.24.1.md @@ -11,21 +11,20 @@ description = "Release notes for syft v0.24.1" Version [v0.24.1](https://github.com/anchore/syft/releases/tag/v0.24.1) -## [v0.24.1](https://github.com/anchore/syft/tree/v0.24.1) (2021-09-27) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.24.0...v0.24.1) - -**Fixed bugs:** - -- Add vendor + product known good CPE field values [\#517](https://github.com/anchore/syft/pull/517) ([wagoodman](https://github.com/wagoodman)) - -- Prevent invalid CPE field values [\#514](https://github.com/anchore/syft/pull/514) ([luhring]( https://github.com/luhring)) - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:v0.24.1` -- `docker pull anchore/syft:v0` +## [v0.24.1](https://github.com/anchore/syft/tree/v0.24.1) (2021-09-27) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.24.0...v0.24.1) + +**Fixed bugs:** + +- Add vendor + product known good CPE field values [\#517](https://github.com/anchore/syft/pull/517) ([wagoodman](https://github.com/wagoodman)) + +- Prevent invalid CPE field values [\#514](https://github.com/anchore/syft/pull/514) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:v0.24.1` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.24` diff --git a/content/docs/releases/syft/v0.25.0.md b/content/docs/releases/syft/v0.25.0.md index fa4e760f..20f29655 100644 --- a/content/docs/releases/syft/v0.25.0.md +++ b/content/docs/releases/syft/v0.25.0.md 
@@ -11,29 +11,28 @@ description = "Release notes for syft v0.25.0" Version [v0.25.0](https://github.com/anchore/syft/releases/tag/v0.25.0) -## [v0.25.0](https://github.com/anchore/syft/tree/v0.25.0) (2021-10-07) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.24.1...v0.25.0) - -**Implemented enhancements:** - -- Catalog Go modules used in Go binaries [\#434](https://github.com/anchore/syft/pull/534) ([wagoodman](https://github.com/wagoodman)) ([spiffcs](https://github.com/spiffcs)) -- Add option to output SBOM report to a file [\#530](https://github.com/anchore/syft/pull/530) ([wagoodman](https://github.com/wagoodman)) -- Extend license mapping for common SPDX license names [\#509](https://github.com/anchore/syft/pull/509) ([spiffcs](https://github.com/spiffcs)) - -**Fixed bugs:** - -- SPDX output is not consistently sorted [\#522](https://github.com/anchore/syft/pull/522) ([spiffcs](https://github.com/spiffcs)) -- Missing/incorrect SPDX fields: DocumentName, DocumentNamespace [\#528](https://github.com/anchore/syft/pull/528) ([spiffcs](https://github.com/spiffcs)) -- Allow file digests instances to be optional for alpine metadata [\#531](https://github.com/anchore/syft/pull/531) ([wagoodman](https://github.com/wagoodman)) -- Stable sort package CPE array \(JSON and SPDX\) [\#522](https://github.com/anchore/syft/pull/522) ([spiffcs](https://github.com/spiffcs)) -- Remove go and rust catalogers from image cataloger set [\#539](https://github.com/anchore/syft/pull/539) ([spiffcs](https://github.com/spiffcs)) - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:v0.25.0` -- `docker pull anchore/syft:v0` +## [v0.25.0](https://github.com/anchore/syft/tree/v0.25.0) (2021-10-07) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.24.1...v0.25.0) + +**Implemented enhancements:** + +- Catalog Go 
modules used in Go binaries [\#434](https://github.com/anchore/syft/pull/534) ([wagoodman](https://github.com/wagoodman)) ([spiffcs](https://github.com/spiffcs)) +- Add option to output SBOM report to a file [\#530](https://github.com/anchore/syft/pull/530) ([wagoodman](https://github.com/wagoodman)) +- Extend license mapping for common SPDX license names [\#509](https://github.com/anchore/syft/pull/509) ([spiffcs](https://github.com/spiffcs)) + +**Fixed bugs:** + +- SPDX output is not consistently sorted [\#522](https://github.com/anchore/syft/pull/522) ([spiffcs](https://github.com/spiffcs)) +- Missing/incorrect SPDX fields: DocumentName, DocumentNamespace [\#528](https://github.com/anchore/syft/pull/528) ([spiffcs](https://github.com/spiffcs)) +- Allow file digests instances to be optional for alpine metadata [\#531](https://github.com/anchore/syft/pull/531) ([wagoodman](https://github.com/wagoodman)) +- Stable sort package CPE array \(JSON and SPDX\) [\#522](https://github.com/anchore/syft/pull/522) ([spiffcs](https://github.com/spiffcs)) +- Remove go and rust catalogers from image cataloger set [\#539](https://github.com/anchore/syft/pull/539) ([spiffcs](https://github.com/spiffcs)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:v0.25.0` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.25` diff --git a/content/docs/releases/syft/v0.26.0.md b/content/docs/releases/syft/v0.26.0.md index 36c1d38f..85482bad 100644 --- a/content/docs/releases/syft/v0.26.0.md +++ b/content/docs/releases/syft/v0.26.0.md 
@@ -11,26 +11,23 @@ description = "Release notes for syft v0.26.0" Version [v0.26.0](https://github.com/anchore/syft/releases/tag/v0.26.0) -## [v0.26.0](https://github.com/anchore/syft/tree/v0.26.0) (2021-10-15) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.25.0...v0.26.0) - -**Implemented enhancements:** - -- Capture additional go package data [\#540](https://github.com/anchore/syft/issues/540) -- provide github-action [\#340](https://github.com/anchore/syft/issues/340) - -**Fixed bugs:** - -- Remove go and rust catalogers from image cataloger set [\#464](https://github.com/anchore/syft/issues/464) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* - - -## Docker images - -- `docker pull anchore/syft:v0.26.0` -- `docker pull anchore/syft:v0` +## [v0.26.0](https://github.com/anchore/syft/tree/v0.26.0) (2021-10-15) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.25.0...v0.26.0) + +**Implemented enhancements:** + +- Capture additional go package data [\#540](https://github.com/anchore/syft/issues/540) +- provide github-action [\#340](https://github.com/anchore/syft/issues/340) + +**Fixed bugs:** + +- Remove go and rust catalogers from image cataloger set [\#464](https://github.com/anchore/syft/issues/464) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ + +## Docker images + +- `docker pull anchore/syft:v0.26.0` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.26` diff --git a/content/docs/releases/syft/v0.27.0.md b/content/docs/releases/syft/v0.27.0.md index e274d1d3..bec707e7 100644 --- a/content/docs/releases/syft/v0.27.0.md +++ b/content/docs/releases/syft/v0.27.0.md 
@@ -11,17 +11,16 @@ description = "Release notes for syft v0.27.0" Version [v0.27.0](https://github.com/anchore/syft/releases/tag/v0.27.0) -## [v0.27.0](https://github.com/anchore/syft/tree/v0.27.0) (2021-10-21) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.26.0...v0.27.0) - -## Added Features - -- Windows support [[Issue #380](https://github.com/anchore/syft/issues/380)] - - -## Docker images - -- `docker pull anchore/syft:v0.27.0` -- `docker pull anchore/syft:v0` +## [v0.27.0](https://github.com/anchore/syft/tree/v0.27.0) (2021-10-21) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.26.0...v0.27.0) + +## Added Features + +- Windows support [[Issue #380](https://github.com/anchore/syft/issues/380)] + +## Docker images + +- `docker pull anchore/syft:v0.27.0` +- `docker pull anchore/syft:v0` - `docker pull anchore/syft:v0.27` diff --git a/content/docs/releases/syft/v0.28.0.md b/content/docs/releases/syft/v0.28.0.md index 6bd0ecef..77311206 100644 --- a/content/docs/releases/syft/v0.28.0.md +++ b/content/docs/releases/syft/v0.28.0.md 
@@ -11,18 +11,16 @@ description = "Release notes for syft v0.28.0" Version [v0.28.0](https://github.com/anchore/syft/releases/tag/v0.28.0) -## [v0.28.0](https://github.com/anchore/syft/tree/v0.28.0) (2021-10-28) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.27.0...v0.28.0) - -## Added Features - -- Replace changelog generator in release process [[Issue #575](https://github.com/anchore/syft/issues/575)] -- add auto-completion [[Issue #594](https://github.com/anchore/syft/issues/594)] -- add arm64 support for new version[[Issue #597](https://github.com/anchore/syft/issues/597)] - - - -## Docker images - +## [v0.28.0](https://github.com/anchore/syft/tree/v0.28.0) (2021-10-28) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.27.0...v0.28.0) + +## Added Features + +- Replace changelog generator in release process [[Issue #575](https://github.com/anchore/syft/issues/575)] +- add auto-completion [[Issue #594](https://github.com/anchore/syft/issues/594)] +- add arm64 support for new version[[Issue #597](https://github.com/anchore/syft/issues/597)] + +## Docker images + - `docker pull anchore/syft:v0.28.0` diff --git a/content/docs/releases/syft/v0.29.0.md b/content/docs/releases/syft/v0.29.0.md index a433bbb2..7cf8e7fc 100644 --- a/content/docs/releases/syft/v0.29.0.md +++ b/content/docs/releases/syft/v0.29.0.md 
@@ -11,17 +11,15 @@ description = "Release notes for syft v0.29.0" Version [v0.29.0](https://github.com/anchore/syft/releases/tag/v0.29.0) -## [v0.29.0](https://github.com/anchore/syft/tree/v0.29.0) (2021-10-31) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.28.0...v0.29.0) - -## Added Features - -- Stabilize package identifier based on contents [[Issue #363](https://github.com/anchore/syft/issues/363)] -- Unhide auto-completion command [[Issue #594](https://github.com/anchore/syft/issues/594)] - - - -## Docker images - +## [v0.29.0](https://github.com/anchore/syft/tree/v0.29.0) (2021-10-31) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.28.0...v0.29.0) + +## Added Features + +- Stabilize package identifier based on contents [[Issue #363](https://github.com/anchore/syft/issues/363)] +- Unhide auto-completion command [[Issue #594](https://github.com/anchore/syft/issues/594)] + +## Docker images + - `docker pull anchore/syft:v0.29.0` diff --git a/content/docs/releases/syft/v0.3.0.md b/content/docs/releases/syft/v0.3.0.md index 71c7641f..eb65b6c1 100644 --- a/content/docs/releases/syft/v0.3.0.md +++ b/content/docs/releases/syft/v0.3.0.md 
@@ -11,21 +11,20 @@ description = "Release notes for syft v0.3.0" Version [v0.3.0](https://github.com/anchore/syft/releases/tag/v0.3.0) -## [v0.3.0](https://github.com/anchore/syft/tree/v0.3.0) (2020-10-15) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.2.0...v0.3.0) - -**Implemented enhancements:** - -- Update install script arguments for proper argument processing [\#211](https://github.com/anchore/syft/pull/211) ([wagoodman](https://github.com/wagoodman)) -- Run checks on PRs from forks [\#210](https://github.com/anchore/syft/pull/210) ([wagoodman](https://github.com/wagoodman)) -- Fix acceptance tests & add notification upon failures [\#204](https://github.com/anchore/syft/pull/204) ([wagoodman](https://github.com/wagoodman)) -- Add homepage field as output to the gemspec metadata [\#214](https://github.com/anchore/syft/issues/214) - -**Fixed bugs:** - -- Cataloger apkdb-cataloger failed to parse entries [\#212](https://github.com/anchore/syft/issues/212) -- Allow for gemspec metadata fields to be optional [\#218](https://github.com/anchore/syft/pull/218) ([wagoodman](https://github.com/wagoodman)) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.3.0](https://github.com/anchore/syft/tree/v0.3.0) (2020-10-15) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.2.0...v0.3.0) + +**Implemented enhancements:** + +- Update install script arguments for proper argument processing [\#211](https://github.com/anchore/syft/pull/211) ([wagoodman](https://github.com/wagoodman)) +- Run checks on PRs from forks [\#210](https://github.com/anchore/syft/pull/210) ([wagoodman](https://github.com/wagoodman)) +- Fix acceptance tests & add notification upon failures [\#204](https://github.com/anchore/syft/pull/204) ([wagoodman](https://github.com/wagoodman)) +- Add homepage field as output to the gemspec metadata 
[\#214](https://github.com/anchore/syft/issues/214) + +**Fixed bugs:** + +- Cataloger apkdb-cataloger failed to parse entries [\#212](https://github.com/anchore/syft/issues/212) +- Allow for gemspec metadata fields to be optional [\#218](https://github.com/anchore/syft/pull/218) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.30.1.md b/content/docs/releases/syft/v0.30.1.md index 08483596..eed5cc07 100644 --- a/content/docs/releases/syft/v0.30.1.md +++ b/content/docs/releases/syft/v0.30.1.md 
@@ -11,21 +11,22 @@ description = "Release notes for syft v0.30.1" Version [v0.30.1](https://github.com/anchore/syft/releases/tag/v0.30.1) -## [v0.30.1](https://github.com/anchore/syft/tree/v0.30.1) (2021-11-15) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.29.0...v0.30.1) - -## Added Features -- support external registry configuration [[Issue #502](https://github.com/anchore/syft/issues/502)] -- Allow cataloging from a single file [[Issue #541](https://github.com/anchore/syft/issues/541)] - -## Bug Fixes - -- Analysis of "docker" image fails [[Issue #287](https://github.com/anchore/syft/issues/287)] -- Indexing blocked on named pipe [[Issue #568](https://github.com/anchore/syft/issues/568)] -- Syft indexing should ignore non-regular files [[Issue #615](https://github.com/anchore/syft/issues/615)] -- Go module with AllLayers only giving RealPath information [[Issue #619](https://github.com/anchore/syft/issues/619)] - -## Docker images - +## [v0.30.1](https://github.com/anchore/syft/tree/v0.30.1) (2021-11-15) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.29.0...v0.30.1) + +## Added Features + +- support external registry configuration [[Issue #502](https://github.com/anchore/syft/issues/502)] +- Allow cataloging from a single file [[Issue #541](https://github.com/anchore/syft/issues/541)] + +## Bug Fixes + +- Analysis of "docker" image fails [[Issue #287](https://github.com/anchore/syft/issues/287)] +- Indexing blocked on named pipe [[Issue #568](https://github.com/anchore/syft/issues/568)] +- Syft indexing should ignore non-regular files [[Issue #615](https://github.com/anchore/syft/issues/615)] +- Go module with AllLayers only giving RealPath information [[Issue #619](https://github.com/anchore/syft/issues/619)] + +## Docker images + - `docker pull anchore/syft:v0.30.1` diff --git a/content/docs/releases/syft/v0.31.0.md b/content/docs/releases/syft/v0.31.0.md index 907b8873..3b1a359a 100644 
--- a/content/docs/releases/syft/v0.31.0.md
+++ b/content/docs/releases/syft/v0.31.0.md
@@ -11,25 +11,22 @@ description = "Release notes for syft v0.31.0" Version [v0.31.0](https://github.com/anchore/syft/releases/tag/v0.31.0) -## [v0.31.0](https://github.com/anchore/syft/tree/v0.31.0) (2021-12-03) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.30.1...v0.31.0) - -## Added Features - -- Catalog archive contents for single-file input [[PR #637](https://github.com/anchore/syft/pull/637)] [[wagoodman](https://github.com/wagoodman)] -- Promote cataloging task pattern [[Issue #554](https://github.com/anchore/syft/issues/554)] -- Prefer artifact relationships over package relationships [[Issue #556](https://github.com/anchore/syft/issues/556)] -- Media type for Syft SBoM JSON format [[Issue #612](https://github.com/anchore/syft/issues/612)] -- Support for PHP/composer installed.json files [[Issue #642](https://github.com/anchore/syft/issues/642)] - -## Bug Fixes - -- SPDX2.2 JSON format should not use UUID random [[Issue #622](https://github.com/anchore/syft/issues/622)] - - - - -## Docker images - +## [v0.31.0](https://github.com/anchore/syft/tree/v0.31.0) (2021-12-03) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.30.1...v0.31.0) + +## Added Features + +- Catalog archive contents for single-file input [[PR #637](https://github.com/anchore/syft/pull/637)] [[wagoodman](https://github.com/wagoodman)] +- Promote cataloging task pattern [[Issue #554](https://github.com/anchore/syft/issues/554)] +- Prefer artifact relationships over package relationships [[Issue #556](https://github.com/anchore/syft/issues/556)] +- Media type for Syft SBoM JSON format [[Issue #612](https://github.com/anchore/syft/issues/612)] +- Support for PHP/composer installed.json files [[Issue #642](https://github.com/anchore/syft/issues/642)] + +## Bug Fixes + +- SPDX2.2 JSON format should not use UUID random [[Issue #622](https://github.com/anchore/syft/issues/622)] + +## Docker images + - `docker pull anchore/syft:v0.31.0` 
diff --git a/content/docs/releases/syft/v0.32.0.md b/content/docs/releases/syft/v0.32.0.md
index 578fdf0c..7c1074c3 100644
--- a/content/docs/releases/syft/v0.32.0.md
+++ b/content/docs/releases/syft/v0.32.0.md
@@ -11,22 +11,21 @@ description = "Release notes for syft v0.32.0" Version [v0.32.0](https://github.com/anchore/syft/releases/tag/v0.32.0) -## [v0.32.0](https://github.com/anchore/syft/tree/v0.32.0) (2021-12-08) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.31.0...v0.32.0) - -## Added Features - -- Add cataloging of macho multi-architecture binaries [[PR #657](https://github.com/anchore/syft/pull/657)] [[wagoodman](https://github.com/wagoodman)] -- Swap cycloneDX lib for an official lib [[Issue #535](https://github.com/anchore/syft/issues/535)] -- Add an output type for CycloneDX JSON format [[Issue #631](https://github.com/anchore/syft/issues/631)] -- Adding AlmaLinux OS Support [[PR #652 ](https://github.com/anchore/syft/pull/652)] [[srbala](https://github.com/srbala)] - -## Bug Fixes - -- Fix panic from reading nonexistent debian config file [[PR #658](https://github.com/anchore/syft/pull/658)] [[wagoodman](https://github.com/wagoodman)] - - -## Docker images - +## [v0.32.0](https://github.com/anchore/syft/tree/v0.32.0) (2021-12-08) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.31.0...v0.32.0) + +## Added Features + +- Add cataloging of macho multi-architecture binaries [[PR #657](https://github.com/anchore/syft/pull/657)] [[wagoodman](https://github.com/wagoodman)] +- Swap cycloneDX lib for an official lib [[Issue #535](https://github.com/anchore/syft/issues/535)] +- Add an output type for CycloneDX JSON format [[Issue #631](https://github.com/anchore/syft/issues/631)] +- Adding AlmaLinux OS Support [[PR #652 ](https://github.com/anchore/syft/pull/652)] [[srbala](https://github.com/srbala)] + +## Bug Fixes + +- Fix panic from reading nonexistent debian config file [[PR #658](https://github.com/anchore/syft/pull/658)] [[wagoodman](https://github.com/wagoodman)] + +## Docker images + - `docker pull anchore/syft:v0.32.0` 
diff --git a/content/docs/releases/syft/v0.32.1.md b/content/docs/releases/syft/v0.32.1.md index 90038051..6fa3e822 100644 --- a/content/docs/releases/syft/v0.32.1.md +++ b/content/docs/releases/syft/v0.32.1.md @@ -11,17 +11,16 @@ description = "Release notes for syft v0.32.1" Version [v0.32.1](https://github.com/anchore/syft/releases/tag/v0.32.1) -## [v0.32.1](https://github.com/anchore/syft/tree/v0.32.1) (2021-12-14) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.32.0...v0.32.1) - -## Bug Fixes - -- Missing versions for java packages [[Issue #666](https://github.com/anchore/syft/issues/666)] -- Hang when encountering symlink (in /run/udev/) to a character device (in /dev/) [[Issue #665](https://github.com/anchore/syft/issues/665)] -- Indexing should ignore non-regular files [[Issue #615](https://github.com/anchore/syft/issues/615)] - - -## Docker images - +## [v0.32.1](https://github.com/anchore/syft/tree/v0.32.1) (2021-12-14) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.32.0...v0.32.1) + +## Bug Fixes + +- Missing versions for java packages [[Issue #666](https://github.com/anchore/syft/issues/666)] +- Hang when encountering symlink (in /run/udev/) to a character device (in /dev/) [[Issue #665](https://github.com/anchore/syft/issues/665)] +- Indexing should ignore non-regular files [[Issue #615](https://github.com/anchore/syft/issues/615)] + +## Docker images + - `docker pull anchore/syft:v0.32.1` diff --git a/content/docs/releases/syft/v0.32.2.md b/content/docs/releases/syft/v0.32.2.md index ac134762..e625880b 100644 --- a/content/docs/releases/syft/v0.32.2.md +++ b/content/docs/releases/syft/v0.32.2.md 
@@ -11,17 +11,16 @@ description = "Release notes for syft v0.32.2" Version [v0.32.2](https://github.com/anchore/syft/releases/tag/v0.32.2) -## [v0.32.2](https://github.com/anchore/syft/tree/v0.32.2) (2021-12-14) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.32.1...v0.32.2) - -## Bug Fixes - -- Handle extra empty lines in Java manifest parsing [[PR #687](https://github.com/anchore/syft/pull/687)] [[luhring](https://github.com/luhring)] -- Installation via install.sh on Mac M1 is not working [[Issue #684](https://github.com/anchore/syft/issues/684)] -- Prefer warning over erroring out when parsing java manifests [[PR #688](https://github.com/anchore/syft/pull/688)] [[wagoodman](https://github.com/wagoodman)] - - -## Docker images - +## [v0.32.2](https://github.com/anchore/syft/tree/v0.32.2) (2021-12-14) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.32.1...v0.32.2) + +## Bug Fixes + +- Handle extra empty lines in Java manifest parsing [[PR #687](https://github.com/anchore/syft/pull/687)] [[luhring](https://github.com/luhring)] +- Installation via install.sh on Mac M1 is not working [[Issue #684](https://github.com/anchore/syft/issues/684)] +- Prefer warning over erroring out when parsing java manifests [[PR #688](https://github.com/anchore/syft/pull/688)] [[wagoodman](https://github.com/wagoodman)] + +## Docker images + - `docker pull anchore/syft:v0.32.2` diff --git a/content/docs/releases/syft/v0.33.0.md b/content/docs/releases/syft/v0.33.0.md index 87460b1a..d9d4aa48 100644 --- a/content/docs/releases/syft/v0.33.0.md +++ b/content/docs/releases/syft/v0.33.0.md 
@@ -11,16 +11,14 @@ description = "Release notes for syft v0.33.0" Version [v0.33.0](https://github.com/anchore/syft/releases/tag/v0.33.0) -## [v0.33.0](https://github.com/anchore/syft/tree/v0.33.0) (2021-12-16) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.32.2...v0.33.0) - -## Bug Fixes - -- Cataloging large images is taking too long [[Issue #688](https://github.com/anchore/syft/issues/696)] - - - -## Docker images - +## [v0.33.0](https://github.com/anchore/syft/tree/v0.33.0) (2021-12-16) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.32.2...v0.33.0) + +## Bug Fixes + +- Cataloging large images is taking too long [[Issue #688](https://github.com/anchore/syft/issues/696)] + +## Docker images + - `docker pull anchore/syft:v0.33.0` diff --git a/content/docs/releases/syft/v0.34.0.md b/content/docs/releases/syft/v0.34.0.md index bcd84255..239ef18d 100644 --- a/content/docs/releases/syft/v0.34.0.md +++ b/content/docs/releases/syft/v0.34.0.md 
@@ -11,16 +11,16 @@ description = "Release notes for syft v0.34.0" Version [v0.34.0](https://github.com/anchore/syft/releases/tag/v0.34.0) -## [v0.34.0](https://github.com/anchore/syft/tree/v0.34.0) (2021-12-22) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.33.0...v0.34.0) - -## Added Features - -- Exclude path option [[Issue #221](https://github.com/anchore/syft/issues/221)] -- Syft verbose log version [[Issue #664](https://github.com/anchore/syft/issues/664)] -- pip should support vcs url [[Issue #679](https://github.com/anchore/syft/issues/679)] - -## Bug Fixes - +## [v0.34.0](https://github.com/anchore/syft/tree/v0.34.0) (2021-12-22) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.33.0...v0.34.0) + +## Added Features + +- Exclude path option [[Issue #221](https://github.com/anchore/syft/issues/221)] +- Syft verbose log version [[Issue #664](https://github.com/anchore/syft/issues/664)] +- pip should support vcs url [[Issue #679](https://github.com/anchore/syft/issues/679)] + +## Bug Fixes + - Misleading error message when oci-archive scheme used on non-OCI archives [[Issue #701](https://github.com/anchore/syft/issues/701)] diff --git a/content/docs/releases/syft/v0.35.0.md b/content/docs/releases/syft/v0.35.0.md index 5668322a..307fb2c5 100644 --- a/content/docs/releases/syft/v0.35.0.md +++ b/content/docs/releases/syft/v0.35.0.md 
@@ -11,26 +11,24 @@ description = "Release notes for syft v0.35.0" Version [v0.35.0](https://github.com/anchore/syft/releases/tag/v0.35.0) -## [v0.35.0](https://github.com/anchore/syft/tree/v0.35.0) (2022-01-07) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.34.0...v0.35.0) - -## Added Features - -- support .par for java ecosystems [[PR #727](https://github.com/anchore/syft/pull/727)] [[westonsteimel](https://github.com/westonsteimel)] -- Add support for searching for jars within archives [[PR #734](https://github.com/anchore/syft/pull/734)] [[wagoodman](https://github.com/wagoodman)] -- Add lpkg as java package format [[Issue #682](https://github.com/anchore/syft/issues/682)] -- Add alias for --version flag [[Issue #700](https://github.com/anchore/syft/issues/700)] -- Support generating multiple BOM files in different formats within a run [[Issue #325](https://github.com/anchore/syft/issues/325)] - -## Bug Fixes - -- Failed to parse CPE - unbind formatted string [[Issue #426](https://github.com/anchore/syft/issues/426)] -- Unable to catalog .jar files on Windows [[Issue #683](https://github.com/anchore/syft/issues/683)] -- Generating invalid CPEs for debs and rpms with epochs [[Issue #712](https://github.com/anchore/syft/issues/712)] - - - -## Docker images - +## [v0.35.0](https://github.com/anchore/syft/tree/v0.35.0) (2022-01-07) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.34.0...v0.35.0) + +## Added Features + +- support .par for java ecosystems [[PR #727](https://github.com/anchore/syft/pull/727)] [[westonsteimel](https://github.com/westonsteimel)] +- Add support for searching for jars within archives [[PR #734](https://github.com/anchore/syft/pull/734)] [[wagoodman](https://github.com/wagoodman)] +- Add lpkg as java package format [[Issue #682](https://github.com/anchore/syft/issues/682)] +- Add alias for --version flag [[Issue #700](https://github.com/anchore/syft/issues/700)] +- Support generating multiple BOM files in 
different formats within a run [[Issue #325](https://github.com/anchore/syft/issues/325)] + +## Bug Fixes + +- Failed to parse CPE - unbind formatted string [[Issue #426](https://github.com/anchore/syft/issues/426)] +- Unable to catalog .jar files on Windows [[Issue #683](https://github.com/anchore/syft/issues/683)] +- Generating invalid CPEs for debs and rpms with epochs [[Issue #712](https://github.com/anchore/syft/issues/712)] + +## Docker images + - `docker pull anchore/syft:v0.35.0` diff --git a/content/docs/releases/syft/v0.35.1.md b/content/docs/releases/syft/v0.35.1.md index b390a406..a2268e26 100644 --- a/content/docs/releases/syft/v0.35.1.md +++ b/content/docs/releases/syft/v0.35.1.md @@ -11,11 +11,12 @@ description = "Release notes for syft v0.35.1" Version [v0.35.1](https://github.com/anchore/syft/releases/tag/v0.35.1) -## [v0.35.1](https://github.com/anchore/syft/tree/v0.35.1) (2022-01-10) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.35.0...v0.35.1) -- Update Containerd dependency to fix GHSA-mvff-h3cj-wj9c - -## Docker images - +## [v0.35.1](https://github.com/anchore/syft/tree/v0.35.1) (2022-01-10) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.35.0...v0.35.1) + +- Update Containerd dependency to fix GHSA-mvff-h3cj-wj9c + +## Docker images + - `docker pull anchore/syft:v0.35.1` diff --git a/content/docs/releases/syft/v0.36.0.md b/content/docs/releases/syft/v0.36.0.md index 5eb821c1..1922394e 100644 --- a/content/docs/releases/syft/v0.36.0.md +++ b/content/docs/releases/syft/v0.36.0.md 
@@ -11,23 +11,23 @@ description = "Release notes for syft v0.36.0" Version [v0.36.0](https://github.com/anchore/syft/releases/tag/v0.36.0) -## [v0.36.0](https://github.com/anchore/syft/tree/v0.36.0) (2022-01-19) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.35.1...v0.36.0) - -## Added Features - -- Add additional PHP metadata [[PR #753](https://github.com/anchore/syft/pull/753)] [[wagoodman](https://github.com/wagoodman)] -- Remove strong distro type [[Issue #342](https://github.com/anchore/syft/issues/342)] -- Support more java artifact extensions [[Issue #728](https://github.com/anchore/syft/issues/728)] -- Upgrade CycloneDX Output [[Issue #710](https://github.com/anchore/syft/issues/710)] -- Make syft JSON metadataType and metadata fields optional [[PR #752](https://github.com/anchore/syft/pull/752)] - -## Bug Fixes - -- Missing checksums for other than Linux in 0.35.0 release [[Issue #739](https://github.com/anchore/syft/issues/739)] -- Add support for "file" source type in syftjson unmarshaling [[PR #750](https://github.com/anchore/syft/pull/750)] - -## Docker images - +## [v0.36.0](https://github.com/anchore/syft/tree/v0.36.0) (2022-01-19) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.35.1...v0.36.0) + +## Added Features + +- Add additional PHP metadata [[PR #753](https://github.com/anchore/syft/pull/753)] [[wagoodman](https://github.com/wagoodman)] +- Remove strong distro type [[Issue #342](https://github.com/anchore/syft/issues/342)] +- Support more java artifact extensions [[Issue #728](https://github.com/anchore/syft/issues/728)] +- Upgrade CycloneDX Output [[Issue #710](https://github.com/anchore/syft/issues/710)] +- Make syft JSON metadataType and metadata fields optional [[PR #752](https://github.com/anchore/syft/pull/752)] + +## Bug Fixes + +- Missing checksums for other than Linux in 0.35.0 release [[Issue #739](https://github.com/anchore/syft/issues/739)] +- Add support for "file" source type in syftjson 
unmarshaling [[PR #750](https://github.com/anchore/syft/pull/750)] + +## Docker images + - `docker pull anchore/syft:v0.36.0` diff --git a/content/docs/releases/syft/v0.37.10.md b/content/docs/releases/syft/v0.37.10.md index e1f959a0..c147157c 100644 --- a/content/docs/releases/syft/v0.37.10.md +++ b/content/docs/releases/syft/v0.37.10.md 
@@ -11,15 +11,15 @@ description = "Release notes for syft v0.37.10" Version [v0.37.10](https://github.com/anchore/syft/releases/tag/v0.37.10) -## [v0.37.10](https://github.com/anchore/syft/tree/v0.37.10) (2022-02-08) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.36.0...v0.37.10) - -## Added Features - -- Add distro information to package URLs for OS packages [[PR #754](https://github.com/anchore/syft/pull/754)] [[wagoodman](https://github.com/wagoodman)] -- Encode upstream qualifier on OS package pURLs [[PR #769](https://github.com/anchore/syft/pull/769)] [[wagoodman](https://github.com/wagoodman)] -- Extract language and package type from pURLs on SBOM decode [[PR #777](https://github.com/anchore/syft/pull/777)] [[wagoodman](https://github.com/wagoodman)] -- Update SPDX license list to 3.16 [[PR #801](https://github.com/anchore/syft/pull/801)] [[kzantow](https://github.com/kzantow)] -- Extend CycloneDX presenters with syft-specific values [[Issue #154](https://github.com/anchore/syft/issues/154)] +## [v0.37.10](https://github.com/anchore/syft/tree/v0.37.10) (2022-02-08) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.36.0...v0.37.10) + +## Added Features + +- Add distro information to package URLs for OS packages [[PR #754](https://github.com/anchore/syft/pull/754)] [[wagoodman](https://github.com/wagoodman)] +- Encode upstream qualifier on OS package pURLs [[PR #769](https://github.com/anchore/syft/pull/769)] [[wagoodman](https://github.com/wagoodman)] +- Extract language and package type from pURLs on SBOM decode [[PR #777](https://github.com/anchore/syft/pull/777)] [[wagoodman](https://github.com/wagoodman)] +- Update SPDX license list to 3.16 [[PR #801](https://github.com/anchore/syft/pull/801)] [[kzantow](https://github.com/kzantow)] +- Extend CycloneDX presenters with syft-specific values [[Issue #154](https://github.com/anchore/syft/issues/154)] - Extend CycloneDX presenter with dependency graph [[Issue 
#155](https://github.com/anchore/syft/issues/155)] diff --git a/content/docs/releases/syft/v0.38.0.md b/content/docs/releases/syft/v0.38.0.md index 1e6a0e5f..162fc0e0 100644 --- a/content/docs/releases/syft/v0.38.0.md +++ b/content/docs/releases/syft/v0.38.0.md @@ -11,17 +11,17 @@ description = "Release notes for syft v0.38.0" Version [v0.38.0](https://github.com/anchore/syft/releases/tag/v0.38.0) -## [v0.38.0](https://github.com/anchore/syft/tree/v0.38.0) (2022-02-15) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.37.10...v0.38.0) - -## Added Features - -- Upgrade golang to 1.17 [[PR #809](https://github.com/anchore/syft/pull/809)] [[spiffcs](https://github.com/spiffcs)] -- Add pURL generation for java packages + fix NPM pURL generation [[PR #812](https://github.com/anchore/syft/pull/812)] [[wagoodman](https://github.com/wagoodman)] - -## Bug Fixes - -- use SYFT_LOG_FILE env var [[PR #805](https://github.com/anchore/syft/pull/805)] [[jonasagx](https://github.com/jonasagx)] -- Syft stuck on some images (also affecting grype) [[Issue #764](https://github.com/anchore/syft/issues/764)] +## [v0.38.0](https://github.com/anchore/syft/tree/v0.38.0) (2022-02-15) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.37.10...v0.38.0) + +## Added Features + +- Upgrade golang to 1.17 [[PR #809](https://github.com/anchore/syft/pull/809)] [[spiffcs](https://github.com/spiffcs)] +- Add pURL generation for java packages + fix NPM pURL generation [[PR #812](https://github.com/anchore/syft/pull/812)] [[wagoodman](https://github.com/wagoodman)] + +## Bug Fixes + +- use SYFT_LOG_FILE env var [[PR #805](https://github.com/anchore/syft/pull/805)] [[jonasagx](https://github.com/jonasagx)] +- Syft stuck on some images (also affecting grype) [[Issue #764](https://github.com/anchore/syft/issues/764)] - Missing the metadata field for Kubernetes pod usage [[Issue #787](https://github.com/anchore/syft/issues/787)] 
diff --git a/content/docs/releases/syft/v0.39.3.md b/content/docs/releases/syft/v0.39.3.md
index e1f8d107..04c670c4 100644
--- a/content/docs/releases/syft/v0.39.3.md
+++ b/content/docs/releases/syft/v0.39.3.md
@@ -11,20 +11,20 @@ description = "Release notes for syft v0.39.3" Version [v0.39.3](https://github.com/anchore/syft/releases/tag/v0.39.3) -## [v0.39.3](https://github.com/anchore/syft/tree/v0.39.3) (2022-02-26) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.38.0...v0.39.3) - -## Added Features - -- Allow for CPE strings that can later be sanitized [[PR #844](https://github.com/anchore/syft/pull/844)] [[wagoodman](https://github.com/wagoodman)] -- Ability to sign or attest the generated SBOM [[Issue #510](https://github.com/anchore/syft/issues/510)] - -## Bug Fixes - -- Resolve symlinks when fetching file contents [[PR #782](https://github.com/anchore/syft/pull/782)] [[wagoodman](https://github.com/wagoodman)] -- Add exception for handlebars java package to generate nodejs CPE [[PR #837](https://github.com/anchore/syft/pull/837)] [[wagoodman](https://github.com/wagoodman)] -- Do not generate empty CPEs for non-compliant CPE fields [[PR #850](https://github.com/anchore/syft/pull/850)] [[spiffcs](https://github.com/spiffcs)] -- unable to catalog dpkg package=/var/lib/dpkg/status [[Issue #733](https://github.com/anchore/syft/issues/733)] -- Deduplicate docker image manifests [[Issue #825](https://github.com/anchore/syft/issues/825)] +## [v0.39.3](https://github.com/anchore/syft/tree/v0.39.3) (2022-02-26) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.38.0...v0.39.3) + +## Added Features + +- Allow for CPE strings that can later be sanitized [[PR #844](https://github.com/anchore/syft/pull/844)] [[wagoodman](https://github.com/wagoodman)] +- Ability to sign or attest the generated SBOM [[Issue #510](https://github.com/anchore/syft/issues/510)] + +## Bug Fixes + +- Resolve symlinks when fetching file contents [[PR #782](https://github.com/anchore/syft/pull/782)] [[wagoodman](https://github.com/wagoodman)] +- Add exception for handlebars java package to generate nodejs CPE [[PR #837](https://github.com/anchore/syft/pull/837)] 
[[wagoodman](https://github.com/wagoodman)] +- Do not generate empty CPEs for non-compliant CPE fields [[PR #850](https://github.com/anchore/syft/pull/850)] [[spiffcs](https://github.com/spiffcs)] +- unable to catalog dpkg package=/var/lib/dpkg/status [[Issue #733](https://github.com/anchore/syft/issues/733)] +- Deduplicate docker image manifests [[Issue #825](https://github.com/anchore/syft/issues/825)] - scan crash with panic: runtime error: index out of range [1] with length 1 when parsing invalid formatted requirements.txt file [[Issue #831](https://github.com/anchore/syft/issues/831)] diff --git a/content/docs/releases/syft/v0.4.0.md b/content/docs/releases/syft/v0.4.0.md index 9c71a139..38ac7c3a 100644 --- a/content/docs/releases/syft/v0.4.0.md +++ b/content/docs/releases/syft/v0.4.0.md 
@@ -11,20 +11,18 @@ description = "Release notes for syft v0.4.0" Version [v0.4.0](https://github.com/anchore/syft/releases/tag/v0.4.0) -## [v0.4.0](https://github.com/anchore/syft/tree/v0.4.0) (2020-10-23) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.3.0...v0.4.0) - -**Implemented enhancements:** - -- Enhance python cataloger to be image/directory aware [\#205](https://github.com/anchore/syft/issues/205) -- Add support for package.json [\#200](https://github.com/anchore/syft/issues/200) -- Enable CodeQL Security Scan [\#222](https://github.com/anchore/syft/pull/222) ([VinodAnandan](https://github.com/VinodAnandan)) - -**Fixed bugs:** - -- Reduce number of open files while processing nested java archives [\#227](https://github.com/anchore/syft/pull/227) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.4.0](https://github.com/anchore/syft/tree/v0.4.0) (2020-10-23) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.3.0...v0.4.0) + +**Implemented enhancements:** + +- Enhance python cataloger to be image/directory aware [\#205](https://github.com/anchore/syft/issues/205) +- Add support for package.json [\#200](https://github.com/anchore/syft/issues/200) +- Enable CodeQL Security Scan [\#222](https://github.com/anchore/syft/pull/222) ([VinodAnandan](https://github.com/VinodAnandan)) + +**Fixed bugs:** + +- Reduce number of open files while processing nested java archives [\#227](https://github.com/anchore/syft/pull/227) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.4.1.md b/content/docs/releases/syft/v0.4.1.md index d79c8f08..075142a5 100644 --- a/content/docs/releases/syft/v0.4.1.md 
+++ b/content/docs/releases/syft/v0.4.1.md @@ -11,15 +11,13 @@ description = "Release notes for syft v0.4.1" Version [v0.4.1](https://github.com/anchore/syft/releases/tag/v0.4.1) -## [v0.4.1](https://github.com/anchore/syft/tree/v0.4.1) (2020-10-26) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.4.0...v0.4.1) - -**Fixed bugs:** - -- errors+failures parsing `package.json` files [\#230](https://github.com/anchore/syft/issues/230) -- Update doublestar to include fix for open dirs issue [\#240](https://github.com/anchore/syft/pull/240) ([luhring](https://github.com/luhring)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.4.1](https://github.com/anchore/syft/tree/v0.4.1) (2020-10-26) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.4.0...v0.4.1) + +**Fixed bugs:** + +- errors+failures parsing `package.json` files [\#230](https://github.com/anchore/syft/issues/230) +- Update doublestar to include fix for open dirs issue [\#240](https://github.com/anchore/syft/pull/240) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.40.0.md b/content/docs/releases/syft/v0.40.0.md index e9b763e7..caa656d8 100644 --- a/content/docs/releases/syft/v0.40.0.md +++ b/content/docs/releases/syft/v0.40.0.md 
@@ -11,15 +11,15 @@ description = "Release notes for syft v0.40.0" Version [v0.40.0](https://github.com/anchore/syft/releases/tag/v0.40.0) -## [v0.40.0](https://github.com/anchore/syft/tree/v0.40.0) (2022-03-02) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.39.3...v0.40.0) - -## Added Features - -- Add support for multiple CPEs in CycloneDX [[Issue #818](https://github.com/anchore/syft/issues/818)] -- Use syft property namespace in CycloneDX [[Issue #842](https://github.com/anchore/syft/issues/842)] - -## Bug Fixes - +## [v0.40.0](https://github.com/anchore/syft/tree/v0.40.0) (2022-03-02) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.39.3...v0.40.0) + +## Added Features + +- Add support for multiple CPEs in CycloneDX [[Issue #818](https://github.com/anchore/syft/issues/818)] +- Use syft property namespace in CycloneDX [[Issue #842](https://github.com/anchore/syft/issues/842)] + +## Bug Fixes + - Wrong digest used for in-toto statement subject when using Docker daemon source [[Issue #855](https://github.com/anchore/syft/issues/855)] diff --git a/content/docs/releases/syft/v0.40.1.md b/content/docs/releases/syft/v0.40.1.md index e4c3b1ac..04f49e02 100644 --- a/content/docs/releases/syft/v0.40.1.md +++ b/content/docs/releases/syft/v0.40.1.md @@ -11,10 +11,10 @@ description = "Release notes for syft v0.40.1" Version [v0.40.1](https://github.com/anchore/syft/releases/tag/v0.40.1) -## [v0.40.1](https://github.com/anchore/syft/tree/v0.40.1) (2022-03-04) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.40.0...v0.40.1) - -## Bug Fixes - +## [v0.40.1](https://github.com/anchore/syft/tree/v0.40.1) (2022-03-04) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.40.0...v0.40.1) + +## Bug Fixes + - Correct SPDX-JSON checksum algorithm [[PR #863](https://github.com/anchore/syft/pull/863)] [[kzantow](https://github.com/kzantow)] 
diff --git a/content/docs/releases/syft/v0.41.0.md b/content/docs/releases/syft/v0.41.0.md index f27616dc..537f4480 100644 --- a/content/docs/releases/syft/v0.41.0.md +++ b/content/docs/releases/syft/v0.41.0.md @@ -11,14 +11,14 @@ description = "Release notes for syft v0.41.0" Version [v0.41.0](https://github.com/anchore/syft/releases/tag/v0.41.0) -## [v0.41.0](https://github.com/anchore/syft/tree/v0.41.0) (2022-03-07) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.40.1...v0.41.0) - -## Added Features - -- Add platform selection [[PR #866](https://github.com/anchore/syft/pull/866)] [[wagoodman](https://github.com/wagoodman)] - -## Bug Fixes - +## [v0.41.0](https://github.com/anchore/syft/tree/v0.41.0) (2022-03-07) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.40.1...v0.41.0) + +## Added Features + +- Add platform selection [[PR #866](https://github.com/anchore/syft/pull/866)] [[wagoodman](https://github.com/wagoodman)] + +## Bug Fixes + - Include root path in directory resolve index [[PR #869](https://github.com/anchore/syft/pull/869)] [[wagoodman](https://github.com/wagoodman)] diff --git a/content/docs/releases/syft/v0.41.1.md b/content/docs/releases/syft/v0.41.1.md index 7eca0791..4657a40c 100644 --- a/content/docs/releases/syft/v0.41.1.md +++ b/content/docs/releases/syft/v0.41.1.md @@ -11,10 +11,10 @@ description = "Release notes for syft v0.41.1" Version [v0.41.1](https://github.com/anchore/syft/releases/tag/v0.41.1) -## [v0.41.1](https://github.com/anchore/syft/tree/v0.41.1) (2022-03-08) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.41.0...v0.41.1) - -## Bug Fixes - +## [v0.41.1](https://github.com/anchore/syft/tree/v0.41.1) (2022-03-08) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.41.0...v0.41.1) + +## Bug Fixes + - Fix file creation for output options [[PR #875](https://github.com/anchore/syft/pull/875)] [[wagoodman](https://github.com/wagoodman)] 
diff --git a/content/docs/releases/syft/v0.41.4.md b/content/docs/releases/syft/v0.41.4.md
index e93dc137..576c0ba9 100644
--- a/content/docs/releases/syft/v0.41.4.md
+++ b/content/docs/releases/syft/v0.41.4.md
@@ -11,17 +11,17 @@ description = "Release notes for syft v0.41.4" Version [v0.41.4](https://github.com/anchore/syft/releases/tag/v0.41.4) -## [v0.41.4](https://github.com/anchore/syft/tree/v0.41.4) (2022-03-11) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.41.1...v0.41.4) - -## Added Features - -- Support Yarn v3 [[PR #868](https://github.com/anchore/syft/pull/868)] [[cipher-ardvark](https://github.com/cipher-ardvark)] -- Update to CycloneDX 1.4 [[Issue #744](https://github.com/anchore/syft/issues/744)] [[samj1912](https://github.com/samj1912)] - -## Bug Fixes - -- Correct CycloneDX distro decoding, test relationships [[PR #745](https://github.com/anchore/syft/pull/745)] [[kzantow](https://github.com/kzantow)] -- RPM Epoch should be optional in the json schema [[PR #880](https://github.com/anchore/syft/pull/880)] [[wagoodman](https://github.com/wagoodman)] +## [v0.41.4](https://github.com/anchore/syft/tree/v0.41.4) (2022-03-11) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.41.1...v0.41.4) + +## Added Features + +- Support Yarn v3 [[PR #868](https://github.com/anchore/syft/pull/868)] [[cipher-ardvark](https://github.com/cipher-ardvark)] +- Update to CycloneDX 1.4 [[Issue #744](https://github.com/anchore/syft/issues/744)] [[samj1912](https://github.com/samj1912)] + +## Bug Fixes + +- Correct CycloneDX distro decoding, test relationships [[PR #745](https://github.com/anchore/syft/pull/745)] [[kzantow](https://github.com/kzantow)] +- RPM Epoch should be optional in the json schema [[PR #880](https://github.com/anchore/syft/pull/880)] [[wagoodman](https://github.com/wagoodman)] - `syft packages` fails to catalog golang binary's modules for binary built with vendored modules [[Issue #871](https://github.com/anchore/syft/issues/871)] [[fg-j](https://github.com/fg-j)] diff --git a/content/docs/releases/syft/v0.41.5.md b/content/docs/releases/syft/v0.41.5.md index 5319b4a5..f928ace8 100644 --- a/content/docs/releases/syft/v0.41.5.md 
+++ b/content/docs/releases/syft/v0.41.5.md @@ -11,10 +11,10 @@ description = "Release notes for syft v0.41.5" Version [v0.41.5](https://github.com/anchore/syft/releases/tag/v0.41.5) -## [v0.41.5](https://github.com/anchore/syft/tree/v0.41.5) (2022-03-15) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.41.4...v0.41.5) - -## Bug Fixes - +## [v0.41.5](https://github.com/anchore/syft/tree/v0.41.5) (2022-03-15) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.41.4...v0.41.5) + +## Bug Fixes + - NPM PURLs are invalid [[PR #832](https://github.com/anchore/syft/pull/832)] [[houdini91](https://github.com/houdini91)] diff --git a/content/docs/releases/syft/v0.41.6.md b/content/docs/releases/syft/v0.41.6.md index cf414b9d..7f2166bc 100644 --- a/content/docs/releases/syft/v0.41.6.md +++ b/content/docs/releases/syft/v0.41.6.md @@ -11,10 +11,10 @@ description = "Release notes for syft v0.41.6" Version [v0.41.6](https://github.com/anchore/syft/releases/tag/v0.41.6) -## [v0.41.6](https://github.com/anchore/syft/tree/v0.41.6) (2022-03-16) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.41.5...v0.41.6) - -## Bug Fixes - +## [v0.41.6](https://github.com/anchore/syft/tree/v0.41.6) (2022-03-16) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.41.5...v0.41.6) + +## Bug Fixes + - Fix panic parsing CycloneDX [[PR #892](https://github.com/anchore/syft/pull/892)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.42.0.md b/content/docs/releases/syft/v0.42.0.md index 589c038a..d536b4bb 100644 --- a/content/docs/releases/syft/v0.42.0.md +++ b/content/docs/releases/syft/v0.42.0.md 
@@ -11,14 +11,14 @@ description = "Release notes for syft v0.42.0" Version [v0.42.0](https://github.com/anchore/syft/releases/tag/v0.42.0) -## [v0.42.0](https://github.com/anchore/syft/tree/v0.42.0) (2022-03-17) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.41.6...v0.42.0) - -## Added Features - -- Capture additional go 1.18 based binary information [[Issue #718](https://github.com/anchore/syft/issues/718)] [[jonasagx](https://github.com/jonasagx)] - -## Bug Fixes - +## [v0.42.0](https://github.com/anchore/syft/tree/v0.42.0) (2022-03-17) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.41.6...v0.42.0) + +## Added Features + +- Capture additional go 1.18 based binary information [[Issue #718](https://github.com/anchore/syft/issues/718)] [[jonasagx](https://github.com/jonasagx)] + +## Bug Fixes + - Fix panic when CycloneDX BOM missing metadata.component [[#895](https://github.com/anchore/syft/pull/895)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.42.1.md b/content/docs/releases/syft/v0.42.1.md index f0890ee4..9cf76e3b 100644 --- a/content/docs/releases/syft/v0.42.1.md +++ b/content/docs/releases/syft/v0.42.1.md 
@@ -11,12 +11,12 @@ description = "Release notes for syft v0.42.1" Version [v0.42.1](https://github.com/anchore/syft/releases/tag/v0.42.1) -## [v0.42.1](https://github.com/anchore/syft/tree/v0.42.1) (2022-03-21) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.42.0...v0.42.1) - -## Bug Fixes - -- Fix CycloneDX license decoding [[PR #898](https://github.com/anchore/syft/pull/898)] [[kzantow](https://github.com/kzantow)] -- Fix image cleanup when there is an error [[PR #905](https://github.com/anchore/syft/pull/905)] [[wagoodman](https://github.com/wagoodman)] +## [v0.42.1](https://github.com/anchore/syft/tree/v0.42.1) (2022-03-21) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.42.0...v0.42.1) + +## Bug Fixes + +- Fix CycloneDX license decoding [[PR #898](https://github.com/anchore/syft/pull/898)] [[kzantow](https://github.com/kzantow)] +- Fix image cleanup when there is an error [[PR #905](https://github.com/anchore/syft/pull/905)] [[wagoodman](https://github.com/wagoodman)] - Omit H1Digest when empty [[PR #902](https://github.com/anchore/syft/pull/902)] [[jonasagx](https://github.com/jonasagx)] diff --git a/content/docs/releases/syft/v0.42.2.md b/content/docs/releases/syft/v0.42.2.md index 30065ddc..4d9d4316 100644 --- a/content/docs/releases/syft/v0.42.2.md +++ b/content/docs/releases/syft/v0.42.2.md @@ -11,10 +11,10 @@ description = "Release notes for syft v0.42.2" Version [v0.42.2](https://github.com/anchore/syft/releases/tag/v0.42.2) -## [v0.42.2](https://github.com/anchore/syft/tree/v0.42.2) (2022-03-22) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.42.1...v0.42.2) - -## Added Features - +## [v0.42.2](https://github.com/anchore/syft/tree/v0.42.2) (2022-03-22) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.42.1...v0.42.2) + +## Added Features + - Improve docker config support [[PR #906](https://github.com/anchore/syft/pull/906)] [[wagoodman](https://github.com/wagoodman)] 
diff --git a/content/docs/releases/syft/v0.42.3.md b/content/docs/releases/syft/v0.42.3.md index 989f5c04..205e0905 100644 --- a/content/docs/releases/syft/v0.42.3.md +++ b/content/docs/releases/syft/v0.42.3.md @@ -11,10 +11,10 @@ description = "Release notes for syft v0.42.3" Version [v0.42.3](https://github.com/anchore/syft/releases/tag/v0.42.3) -## [v0.42.3](https://github.com/anchore/syft/tree/v0.42.3) (2022-03-23) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.42.2...v0.42.3) - -## Bug Fixes - +## [v0.42.3](https://github.com/anchore/syft/tree/v0.42.3) (2022-03-23) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.42.2...v0.42.3) + +## Bug Fixes + - Less verbose logging in Golang Cataloger [[PR #904](https://github.com/anchore/syft/pull/904)] [[jonasagx](https://github.com/jonasagx)] diff --git a/content/docs/releases/syft/v0.42.4.md b/content/docs/releases/syft/v0.42.4.md index 6a1a6755..0a5cf435 100644 --- a/content/docs/releases/syft/v0.42.4.md +++ b/content/docs/releases/syft/v0.42.4.md @@ -11,10 +11,11 @@ description = "Release notes for syft v0.42.4" Version [v0.42.4](https://github.com/anchore/syft/releases/tag/v0.42.4) -## [v0.42.4](https://github.com/anchore/syft/tree/v0.42.4) (2022-03-24) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.42.3...v0.42.4) - -## Bug Fixes -- Fix panic on empty sbom [[PR #917](https://github.com/anchore/syft/pull/917)] [[luhring](https://github.com/luhring)] +## [v0.42.4](https://github.com/anchore/syft/tree/v0.42.4) (2022-03-24) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.42.3...v0.42.4) + +## Bug Fixes + +- Fix panic on empty sbom [[PR #917](https://github.com/anchore/syft/pull/917)] [[luhring](https://github.com/luhring)] - bump strset version to fix 386 builds [[PR #911](https://github.com/anchore/syft/pull/911)] [[wagoodman](https://github.com/wagoodman)] 
diff --git a/content/docs/releases/syft/v0.43.0.md b/content/docs/releases/syft/v0.43.0.md index cee4bd50..b14e534f 100644 --- a/content/docs/releases/syft/v0.43.0.md +++ b/content/docs/releases/syft/v0.43.0.md @@ -11,16 +11,16 @@ description = "Release notes for syft v0.43.0" Version [v0.43.0](https://github.com/anchore/syft/releases/tag/v0.43.0) -## [v0.43.0](https://github.com/anchore/syft/tree/v0.43.0) (2022-03-31) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.42.4...v0.43.0) - -## Added Features - -- Add dart support [[PR #919](https://github.com/anchore/syft/pull/919)] [[ericlarssen-wf](https://github.com/ericlarssen-wf)] -- Add list of supported package managers or catalogers to the README for simpler reference [[Issue #913](https://github.com/anchore/syft/issues/913)] - -## Bug Fixes - -- Pull from DockerHub fails for public images when using SSO [[PR #928](https://github.com/anchore/syft/pull/928)] [[wagoodman](https://github.com/wagoodman)] +## [v0.43.0](https://github.com/anchore/syft/tree/v0.43.0) (2022-03-31) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.42.4...v0.43.0) + +## Added Features + +- Add dart support [[PR #919](https://github.com/anchore/syft/pull/919)] [[ericlarssen-wf](https://github.com/ericlarssen-wf)] +- Add list of supported package managers or catalogers to the README for simpler reference [[Issue #913](https://github.com/anchore/syft/issues/913)] + +## Bug Fixes + +- Pull from DockerHub fails for public images when using SSO [[PR #928](https://github.com/anchore/syft/pull/928)] [[wagoodman](https://github.com/wagoodman)] - Panic in DirectoryResolver indexPath due to null info parameter [[Issue #872](https://github.com/anchore/syft/issues/872)] diff --git a/content/docs/releases/syft/v0.43.2.md b/content/docs/releases/syft/v0.43.2.md index 5ce98395..50a689d3 100644 --- a/content/docs/releases/syft/v0.43.2.md +++ b/content/docs/releases/syft/v0.43.2.md 
@@ -11,10 +11,10 @@ description = "Release notes for syft v0.43.2" Version [v0.43.2](https://github.com/anchore/syft/releases/tag/v0.43.2) -## [v0.43.2](https://github.com/anchore/syft/tree/v0.43.2) (2022-04-06) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.43.0...v0.43.2) - -## Bug Fixes - +## [v0.43.2](https://github.com/anchore/syft/tree/v0.43.2) (2022-04-06) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.43.0...v0.43.2) + +## Bug Fixes + - Pulls from private DockerHub repo fails with 0.43.0 when working with 0.42.4 [[Issue #936](https://github.com/anchore/syft/issues/936)] diff --git a/content/docs/releases/syft/v0.44.0.md b/content/docs/releases/syft/v0.44.0.md index 8e72bed5..2b5e8345 100644 --- a/content/docs/releases/syft/v0.44.0.md +++ b/content/docs/releases/syft/v0.44.0.md @@ -11,11 +11,11 @@ description = "Release notes for syft v0.44.0" Version [v0.44.0](https://github.com/anchore/syft/releases/tag/v0.44.0) -## [v0.44.0](https://github.com/anchore/syft/tree/v0.44.0) (2022-04-12) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.43.2...v0.44.0) - -## Added Features - -- Detect Java Namespaces/Group IDs by hash [[Issue #887](https://github.com/anchore/syft/issues/887)] +## [v0.44.0](https://github.com/anchore/syft/tree/v0.44.0) (2022-04-12) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.43.2...v0.44.0) + +## Added Features + +- Detect Java Namespaces/Group IDs by hash [[Issue #887](https://github.com/anchore/syft/issues/887)] - Add additional Vendors for Springframework [[PR #947 ](https://github.com/anchore/syft/pull/945)] diff --git a/content/docs/releases/syft/v0.44.1.md b/content/docs/releases/syft/v0.44.1.md index 66cb0793..821ebe32 100644 --- a/content/docs/releases/syft/v0.44.1.md +++ b/content/docs/releases/syft/v0.44.1.md 
@@ -11,11 +11,11 @@ description = "Release notes for syft v0.44.1" Version [v0.44.1](https://github.com/anchore/syft/releases/tag/v0.44.1) -## [v0.44.1](https://github.com/anchore/syft/tree/v0.44.1) (2022-04-15) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.44.0...v0.44.1) - -## Bug Fixes - -- Invalid SPDXID (contains an underscore) [[Issue #949](https://github.com/anchore/syft/issues/949)] -- Invalid SPDXID (contains a slash) [[Issue #952](https://github.com/anchore/syft/issues/952)] +## [v0.44.1](https://github.com/anchore/syft/tree/v0.44.1) (2022-04-15) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.44.0...v0.44.1) + +## Bug Fixes + +- Invalid SPDXID (contains an underscore) [[Issue #949](https://github.com/anchore/syft/issues/949)] +- Invalid SPDXID (contains a slash) [[Issue #952](https://github.com/anchore/syft/issues/952)] diff --git a/content/docs/releases/syft/v0.45.0.md b/content/docs/releases/syft/v0.45.0.md index f4374e3e..940fe23d 100644 --- a/content/docs/releases/syft/v0.45.0.md +++ b/content/docs/releases/syft/v0.45.0.md 
@@ -11,15 +11,15 @@ description = "Release notes for syft v0.45.0" Version [v0.45.0](https://github.com/anchore/syft/releases/tag/v0.45.0) -## [v0.45.0](https://github.com/anchore/syft/tree/v0.45.0) (2022-04-29) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.44.1...v0.45.0) - -## Added Features - -- Preserve package IDs on Syft JSON SBOM decode [[PR #963](https://github.com/anchore/syft/pull/963)] [[wagoodman](https://github.com/wagoodman)] -- refactor command package to remove globals and add dependency injection [[PR #965](https://github.com/anchore/syft/pull/965)] [[spiffcs](https://github.com/spiffcs)] - -## Bug Fixes - +## [v0.45.0](https://github.com/anchore/syft/tree/v0.45.0) (2022-04-29) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.44.1...v0.45.0) + +## Added Features + +- Preserve package IDs on Syft JSON SBOM decode [[PR #963](https://github.com/anchore/syft/pull/963)] [[wagoodman](https://github.com/wagoodman)] +- refactor command package to remove globals and add dependency injection [[PR #965](https://github.com/anchore/syft/pull/965)] [[spiffcs](https://github.com/spiffcs)] + +## Bug Fixes + - Decoding of sparse CycloneDX does not set language [[Issue #953](https://github.com/anchore/syft/issues/953)] diff --git a/content/docs/releases/syft/v0.45.1.md b/content/docs/releases/syft/v0.45.1.md index ffde829f..bcd236ee 100644 --- a/content/docs/releases/syft/v0.45.1.md +++ b/content/docs/releases/syft/v0.45.1.md 
@@ -11,12 +11,12 @@ description = "Release notes for syft v0.45.1" Version [v0.45.1](https://github.com/anchore/syft/releases/tag/v0.45.1) -## [v0.45.1](https://github.com/anchore/syft/tree/v0.45.1) (2022-05-03) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.45.0...v0.45.1) - -## Bug Fixes - -- reduce noise of log output at the info level [[PR #976](https://github.com/anchore/syft/pull/976)] [[luhring](https://github.com/luhring)] -- fix Illegal character encoding in CylconeDX-XML. [[Issue #918](https://github.com/anchore/syft/issues/918)] +## [v0.45.1](https://github.com/anchore/syft/tree/v0.45.1) (2022-05-03) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.45.0...v0.45.1) + +## Bug Fixes + +- reduce noise of log output at the info level [[PR #976](https://github.com/anchore/syft/pull/976)] [[luhring](https://github.com/luhring)] +- fix Illegal character encoding in CylconeDX-XML. [[Issue #918](https://github.com/anchore/syft/issues/918)] - update golang crypto library dependency [[Issue #972](https://github.com/anchore/syft/issues/972)] diff --git a/content/docs/releases/syft/v0.46.0.md b/content/docs/releases/syft/v0.46.0.md index 4249b860..3201cafe 100644 --- a/content/docs/releases/syft/v0.46.0.md +++ b/content/docs/releases/syft/v0.46.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for syft v0.46.0" Version [v0.46.0](https://github.com/anchore/syft/releases/tag/v0.46.0) -## [v0.46.0](https://github.com/anchore/syft/tree/v0.46.0) (2022-05-12) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.45.1...v0.46.0) - -## Added Features - -- Support format SBOM conversion [[Issue #563](https://github.com/anchore/syft/issues/563)] -- .NET Core-Support [[Issue #726](https://github.com/anchore/syft/issues/726)] -- Support attaching attestation right after generate it [[Issue #990](https://github.com/anchore/syft/issues/990)] - -## Bug Fixes - -- Fix `github-json` output option [[PR #967](https://github.com/anchore/syft/pull/967)] [[StevenMaude](https://github.com/StevenMaude)] -- Clearing Go main module version makes creating a CycloneDX 1.3 JSON document difficult [[Issue #959](https://github.com/anchore/syft/issues/959)] +## [v0.46.0](https://github.com/anchore/syft/tree/v0.46.0) (2022-05-12) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.45.1...v0.46.0) + +## Added Features + +- Support format SBOM conversion [[Issue #563](https://github.com/anchore/syft/issues/563)] +- .NET Core-Support [[Issue #726](https://github.com/anchore/syft/issues/726)] +- Support attaching attestation right after generate it [[Issue #990](https://github.com/anchore/syft/issues/990)] + +## Bug Fixes + +- Fix `github-json` output option [[PR #967](https://github.com/anchore/syft/pull/967)] [[StevenMaude](https://github.com/StevenMaude)] +- Clearing Go main module version makes creating a CycloneDX 1.3 JSON document difficult [[Issue #959](https://github.com/anchore/syft/issues/959)] - WARN golang cataloger: failed to read buildinfo [[Issue #978](https://github.com/anchore/syft/issues/978)] diff --git a/content/docs/releases/syft/v0.46.1.md b/content/docs/releases/syft/v0.46.1.md index 7a52470b..54026da5 100644 --- a/content/docs/releases/syft/v0.46.1.md +++ b/content/docs/releases/syft/v0.46.1.md 
@@ -11,10 +11,10 @@ description = "Release notes for syft v0.46.1" Version [v0.46.1](https://github.com/anchore/syft/releases/tag/v0.46.1) -## [v0.46.1](https://github.com/anchore/syft/tree/v0.46.1) (2022-05-16) - -## Bug Fixes - -- Fix `Cyclone-DX` output so only valid enum values are produced. Add integration tests to cover validation. [[PR #967](https://github.com/anchore/syft/pull/1000)] [[Christopher Phillips](https://github.com/spiffcs)] - +## [v0.46.1](https://github.com/anchore/syft/tree/v0.46.1) (2022-05-16) + +## Bug Fixes + +- Fix `Cyclone-DX` output so only valid enum values are produced. Add integration tests to cover validation. [[PR #967](https://github.com/anchore/syft/pull/1000)] [[Christopher Phillips](https://github.com/spiffcs)] + [Full Changelog](https://github.com/anchore/syft/compare/v0.46.0...v0.46.1) diff --git a/content/docs/releases/syft/v0.46.2.md b/content/docs/releases/syft/v0.46.2.md index 4ca5b9ce..3116bd51 100644 --- a/content/docs/releases/syft/v0.46.2.md +++ b/content/docs/releases/syft/v0.46.2.md 
@@ -11,12 +11,12 @@ description = "Release notes for syft v0.46.2" Version [v0.46.2](https://github.com/anchore/syft/releases/tag/v0.46.2) -## [v0.46.2](https://github.com/anchore/syft/tree/v0.46.2) (2022-05-23) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.46.1...v0.46.2) - -## Bug Fixes - -- Wrong source when ":" character in file name [[Issue #927](https://github.com/anchore/syft/issues/927)] -- json CycloneDX invalid format [[Issue #995](https://github.com/anchore/syft/issues/995)] +## [v0.46.2](https://github.com/anchore/syft/tree/v0.46.2) (2022-05-23) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.46.1...v0.46.2) + +## Bug Fixes + +- Wrong source when ":" character in file name [[Issue #927](https://github.com/anchore/syft/issues/927)] +- json CycloneDX invalid format [[Issue #995](https://github.com/anchore/syft/issues/995)] - Invalid CycloneDX SHA1 algorithm [[Issue #1001](https://github.com/anchore/syft/issues/1001)] diff --git a/content/docs/releases/syft/v0.46.3.md b/content/docs/releases/syft/v0.46.3.md index 0a59f473..fddf877d 100644 --- a/content/docs/releases/syft/v0.46.3.md +++ b/content/docs/releases/syft/v0.46.3.md 
@@ -11,11 +11,11 @@ description = "Release notes for syft v0.46.3" Version [v0.46.3](https://github.com/anchore/syft/releases/tag/v0.46.3) -## [v0.46.3](https://github.com/anchore/syft/tree/v0.46.3) (2022-05-26) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.46.2...v0.46.3) - -## Bug Fixes - -- Longer CPEs for golang modules to avoid false positives [[PR #1006](https://github.com/anchore/syft/pull/1006)] [[jonasagx](https://github.com/jonasagx)] -- Package.json cataloger malformed licences dropping package [[Issue #1008](https://github.com/anchore/syft/issues/1008)] +## [v0.46.3](https://github.com/anchore/syft/tree/v0.46.3) (2022-05-26) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.46.2...v0.46.3) + +## Bug Fixes + +- Longer CPEs for golang modules to avoid false positives [[PR #1006](https://github.com/anchore/syft/pull/1006)] [[jonasagx](https://github.com/jonasagx)] +- Package.json cataloger malformed licences dropping package [[Issue #1008](https://github.com/anchore/syft/issues/1008)] diff --git a/content/docs/releases/syft/v0.47.0.md b/content/docs/releases/syft/v0.47.0.md index 205fe534..4364ebd9 100644 --- a/content/docs/releases/syft/v0.47.0.md +++ b/content/docs/releases/syft/v0.47.0.md 
@@ -11,18 +11,19 @@ description = "Release notes for syft v0.47.0" Version [v0.47.0](https://github.com/anchore/syft/releases/tag/v0.47.0) -## [v0.47.0](https://github.com/anchore/syft/tree/v0.47.0) (2022-06-09) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.46.3...v0.47.0) - -## Added Features - -- Support newer versions of 'rpm' that use Sqlite for the db instead of BerkeleyDB [[Issue #469](https://github.com/anchore/syft/issues/469)] -- Support 'ndb' rpm database format used in rpmdb 4.15+ [[Issue #504](https://github.com/anchore/syft/issues/504)] -- Amazon Linux 2022 [[Issue #838](https://github.com/anchore/syft/issues/838)] -- Specify the "main module" in Go binary metadata for packages [[Issue #908](https://github.com/anchore/syft/issues/908)] -- Make Syft available in the Nix Package Store (nixpkgs) [[Issue #1019](https://github.com/anchore/syft/issues/1019)] - -## Bug Fixes -- Version is `[not provided]` when encoding to most formats [[Issue #1010](https://github.com/anchore/syft/issues/1010)] +## [v0.47.0](https://github.com/anchore/syft/tree/v0.47.0) (2022-06-09) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.46.3...v0.47.0) + +## Added Features + +- Support newer versions of 'rpm' that use Sqlite for the db instead of BerkeleyDB [[Issue #469](https://github.com/anchore/syft/issues/469)] +- Support 'ndb' rpm database format used in rpmdb 4.15+ [[Issue #504](https://github.com/anchore/syft/issues/504)] +- Amazon Linux 2022 [[Issue #838](https://github.com/anchore/syft/issues/838)] +- Specify the "main module" in Go binary metadata for packages [[Issue #908](https://github.com/anchore/syft/issues/908)] +- Make Syft available in the Nix Package Store (nixpkgs) [[Issue #1019](https://github.com/anchore/syft/issues/1019)] + +## Bug Fixes + +- Version is `[not provided]` when encoding to most formats [[Issue #1010](https://github.com/anchore/syft/issues/1010)] - Panic from Syft cyclonedx format method [[Issue 
#1014](https://github.com/anchore/syft/issues/1014) diff --git a/content/docs/releases/syft/v0.48.0.md b/content/docs/releases/syft/v0.48.0.md index 4d7f204b..8e1c4c9a 100644 --- a/content/docs/releases/syft/v0.48.0.md +++ b/content/docs/releases/syft/v0.48.0.md @@ -17,7 +17,7 @@ Version [v0.48.0](https://github.com/anchore/syft/releases/tag/v0.48.0) ## Added Features -- Add Pacman (Arch linux package manager) support [[Issue #241](https://github.com/anchore/syft/issues/241)] +- Add Pacman (Arch linux package manager) support [[Issue #241](https://github.com/anchore/syft/issues/241)] ## Bug Fixes diff --git a/content/docs/releases/syft/v0.48.1.md b/content/docs/releases/syft/v0.48.1.md index 74c9366d..8b8cf74f 100644 --- a/content/docs/releases/syft/v0.48.1.md +++ b/content/docs/releases/syft/v0.48.1.md @@ -11,10 +11,10 @@ description = "Release notes for syft v0.48.1" Version [v0.48.1](https://github.com/anchore/syft/releases/tag/v0.48.1) -## [v0.48.1](https://github.com/anchore/syft/tree/v0.48.1) (2022-06-16) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.48.0...v0.48.1) - -## Bug Fixes - +## [v0.48.1](https://github.com/anchore/syft/tree/v0.48.1) (2022-06-16) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.48.0...v0.48.1) + +## Bug Fixes + - syft dependency graph on stereoscope upgrade [[Issue #1047](https://github.com/anchore/syft/issues/1047)]. Resolves https://github.com/advisories/GHSA-5ffw-gxpp-mxpf diff --git a/content/docs/releases/syft/v0.49.0.md b/content/docs/releases/syft/v0.49.0.md index 02c7eeeb..b58c4efd 100644 --- a/content/docs/releases/syft/v0.49.0.md +++ b/content/docs/releases/syft/v0.49.0.md 
@@ -11,19 +11,19 @@ description = "Release notes for syft v0.49.0" Version [v0.49.0](https://github.com/anchore/syft/releases/tag/v0.49.0) -## [v0.49.0](https://github.com/anchore/syft/tree/v0.49.0) (2022-06-24) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.48.1...v0.49.0) - -## Added Features - -- Allow user-defined output formats [[Issue #152](https://github.com/anchore/syft/issues/152)] -- Add ability to enable/disable package catalogers [[Issue #465](https://github.com/anchore/syft/issues/465)] -- Catalog packages from source pom.xml during directory scans [[Issue #676](https://github.com/anchore/syft/issues/676)] -- Enable/disable SBOM generation for specific language types [[Issue #840](https://github.com/anchore/syft/issues/840)] -- Add support for Mariner distroless images [[Issue #1044](https://github.com/anchore/syft/issues/1044)] - -## Bug Fixes - -- No results for rpm packages when run against version 9.x of redhat/almalinux [[Issue #1030](https://github.com/anchore/syft/issues/1030)] +## [v0.49.0](https://github.com/anchore/syft/tree/v0.49.0) (2022-06-24) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.48.1...v0.49.0) + +## Added Features + +- Allow user-defined output formats [[Issue #152](https://github.com/anchore/syft/issues/152)] +- Add ability to enable/disable package catalogers [[Issue #465](https://github.com/anchore/syft/issues/465)] +- Catalog packages from source pom.xml during directory scans [[Issue #676](https://github.com/anchore/syft/issues/676)] +- Enable/disable SBOM generation for specific language types [[Issue #840](https://github.com/anchore/syft/issues/840)] +- Add support for Mariner distroless images [[Issue #1044](https://github.com/anchore/syft/issues/1044)] + +## Bug Fixes + +- No results for rpm packages when run against version 9.x of redhat/almalinux [[Issue #1030](https://github.com/anchore/syft/issues/1030)] - Updates parsing of yarn.lock to use resolved URLs [[PR 
#926](https://github.com/anchore/syft/pull/926)] diff --git a/content/docs/releases/syft/v0.5.0.md b/content/docs/releases/syft/v0.5.0.md index d5cd4c02..c611d7af 100644 --- a/content/docs/releases/syft/v0.5.0.md +++ b/content/docs/releases/syft/v0.5.0.md 
@@ -11,21 +11,19 @@ description = "Release notes for syft v0.5.0" Version [v0.5.0](https://github.com/anchore/syft/releases/tag/v0.5.0) -## [v0.5.0](https://github.com/anchore/syft/tree/v0.5.0) (2020-10-30) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.4.1...v0.5.0) - -**Implemented enhancements:** - -- General Java cataloger enhancements [\#247](https://github.com/anchore/syft/pull/247) ([wagoodman](https://github.com/wagoodman)) -- Add java/npm to inline comparison [\#235](https://github.com/anchore/syft/pull/235) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- Java cataloger doesn't scan the top-level directory during glob matching for pom and nested archives [\#238](https://github.com/anchore/syft/issues/238) -- Java cataloger reporting packages without name and version [\#220](https://github.com/anchore/syft/issues/220) -- Java cataloger miscellaneous fixes [\#245](https://github.com/anchore/syft/pull/245) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.5.0](https://github.com/anchore/syft/tree/v0.5.0) (2020-10-30) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.4.1...v0.5.0) + +**Implemented enhancements:** + +- General Java cataloger enhancements [\#247](https://github.com/anchore/syft/pull/247) ([wagoodman](https://github.com/wagoodman)) +- Add java/npm to inline comparison [\#235](https://github.com/anchore/syft/pull/235) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Java cataloger doesn't scan the top-level directory during glob matching for pom and nested archives [\#238](https://github.com/anchore/syft/issues/238) +- Java cataloger reporting packages without name and version [\#220](https://github.com/anchore/syft/issues/220) +- Java cataloger miscellaneous fixes [\#245](https://github.com/anchore/syft/pull/245) 
([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.5.1.md b/content/docs/releases/syft/v0.5.1.md index 1a2620c7..01feb8e4 100644 --- a/content/docs/releases/syft/v0.5.1.md +++ b/content/docs/releases/syft/v0.5.1.md @@ -11,15 +11,13 @@ description = "Release notes for syft v0.5.1" Version [v0.5.1](https://github.com/anchore/syft/releases/tag/v0.5.1) -## [v0.5.1](https://github.com/anchore/syft/tree/v0.5.1) (2020-11-04) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.5.0...v0.5.1) - -**Fixed bugs:** - -- Resolve security warning for macOS users [\#249](https://github.com/anchore/syft/pull/249) ([luhring](https://github.com/luhring)) -- Fix alpine file discovery [\#248](https://github.com/anchore/syft/pull/248) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.5.1](https://github.com/anchore/syft/tree/v0.5.1) (2020-11-04) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.5.0...v0.5.1) + +**Fixed bugs:** + +- Resolve security warning for macOS users [\#249](https://github.com/anchore/syft/pull/249) ([luhring](https://github.com/luhring)) +- Fix alpine file discovery [\#248](https://github.com/anchore/syft/pull/248) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.51.0.md b/content/docs/releases/syft/v0.51.0.md index 3d2a2bc1..59004991 100644 --- a/content/docs/releases/syft/v0.51.0.md +++ b/content/docs/releases/syft/v0.51.0.md 
@@ -11,20 +11,20 @@ description = "Release notes for syft v0.51.0" Version [v0.51.0](https://github.com/anchore/syft/releases/tag/v0.51.0) -## [v0.51.0](https://github.com/anchore/syft/tree/v0.51.0) (2022-07-11) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.50.0...v0.51.0) - -## Added Features - -- Syft ignore docker images [[Issue #670](https://github.com/anchore/syft/issues/670)] -- feat: add support for cocoapods (Swift/Objective-C) [[Issue #815](https://github.com/anchore/grype/issues/815)] -- An option to limit to a single filesystem (like -xdev) [[Issue #674](https://github.com/anchore/syft/issues/674)] -- Add Gentoo Linux support [[Issue #998](https://github.com/anchore/syft/issues/998)] -- Update README.md with information about syft choco package [[Issue #1028](https://github.com/anchore/syft/issues/1028)] - -## Bug Fixes - -- syft attest cmd is not exporting output to file [[Issue #1061](https://github.com/anchore/syft/issues/1061)] -- Name is duplicated into Package URL Namespace when Go module path has one element [[Issue #1091](https://github.com/anchore/syft/issues/1091)] +## [v0.51.0](https://github.com/anchore/syft/tree/v0.51.0) (2022-07-11) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.50.0...v0.51.0) + +## Added Features + +- Syft ignore docker images [[Issue #670](https://github.com/anchore/syft/issues/670)] +- feat: add support for cocoapods (Swift/Objective-C) [[Issue #815](https://github.com/anchore/grype/issues/815)] +- An option to limit to a single filesystem (like -xdev) [[Issue #674](https://github.com/anchore/syft/issues/674)] +- Add Gentoo Linux support [[Issue #998](https://github.com/anchore/syft/issues/998)] +- Update README.md with information about syft choco package [[Issue #1028](https://github.com/anchore/syft/issues/1028)] + +## Bug Fixes + +- syft attest cmd is not exporting output to file [[Issue #1061](https://github.com/anchore/syft/issues/1061)] +- Name is duplicated into Package URL 
Namespace when Go module path has one element [[Issue #1091](https://github.com/anchore/syft/issues/1091)] - fix: unintended artifactRelationship records of type ownership-by-file-overlap are being reported [[Issue 1077](https://github.com/anchore/syft/issues/1077)] diff --git a/content/docs/releases/syft/v0.52.0.md b/content/docs/releases/syft/v0.52.0.md index d0767066..4c47f59f 100644 --- a/content/docs/releases/syft/v0.52.0.md +++ b/content/docs/releases/syft/v0.52.0.md @@ -11,15 +11,15 @@ description = "Release notes for syft v0.52.0" Version [v0.52.0](https://github.com/anchore/syft/releases/tag/v0.52.0) -## [v0.52.0](https://github.com/anchore/syft/tree/v0.52.0) (2022-07-21) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.51.0...v0.52.0) - -## Added Features - -- Replace scratch base image with distroless static [[Issue #833](https://github.com/anchore/syft/issues/833)] -- add Haskell support [[Issue #1093](https://github.com/anchore/syft/issues/1093)] - -## Bug Fixes - +## [v0.52.0](https://github.com/anchore/syft/tree/v0.52.0) (2022-07-21) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.51.0...v0.52.0) + +## Added Features + +- Replace scratch base image with distroless static [[Issue #833](https://github.com/anchore/syft/issues/833)] +- add Haskell support [[Issue #1093](https://github.com/anchore/syft/issues/1093)] + +## Bug Fixes + - Unable to build binary on ppc64le architecture [[Issue #1097](https://github.com/anchore/syft/issues/1097)] diff --git a/content/docs/releases/syft/v0.53.0.md b/content/docs/releases/syft/v0.53.0.md index 5bb19c61..0ab2dfcb 100644 --- a/content/docs/releases/syft/v0.53.0.md +++ b/content/docs/releases/syft/v0.53.0.md 
@@ -11,15 +11,15 @@ description = "Release notes for syft v0.53.0" Version [v0.53.0](https://github.com/anchore/syft/releases/tag/v0.53.0) -## [v0.53.0](https://github.com/anchore/syft/tree/v0.53.0) (2022-08-02) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.52.0...v0.53.0) - -## Added Features - -- Add support for auditable Rust binaries [[Issue #1108](https://github.com/anchore/syft/issues/1108)] - -## Bug Fixes - -- WARN unable to convert relationship from CycloneDX 1.3 JSON [[Issue #980](https://github.com/anchore/syft/issues/980)] +## [v0.53.0](https://github.com/anchore/syft/tree/v0.53.0) (2022-08-02) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.52.0...v0.53.0) + +## Added Features + +- Add support for auditable Rust binaries [[Issue #1108](https://github.com/anchore/syft/issues/1108)] + +## Bug Fixes + +- WARN unable to convert relationship from CycloneDX 1.3 JSON [[Issue #980](https://github.com/anchore/syft/issues/980)] - purls not generated for unknown types [[Issue #1118](https://github.com/anchore/syft/issues/1118)] diff --git a/content/docs/releases/syft/v0.53.1.md b/content/docs/releases/syft/v0.53.1.md index 3f71ae49..1053945f 100644 --- a/content/docs/releases/syft/v0.53.1.md +++ b/content/docs/releases/syft/v0.53.1.md @@ -11,10 +11,10 @@ description = "Release notes for syft v0.53.1" Version [v0.53.1](https://github.com/anchore/syft/releases/tag/v0.53.1) -## [v0.53.1](https://github.com/anchore/syft/tree/v0.53.1) (2022-08-02) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.53.0...v0.53.1) - -## Added Features - +## [v0.53.1](https://github.com/anchore/syft/tree/v0.53.1) (2022-08-02) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.53.0...v0.53.1) + +## Added Features + - Singularity Image Format (SIF) support [[Issue #937](https://github.com/anchore/syft/issues/937)] 
diff --git a/content/docs/releases/syft/v0.54.0.md b/content/docs/releases/syft/v0.54.0.md index 5b7af630..8adfbc79 100644 --- a/content/docs/releases/syft/v0.54.0.md +++ b/content/docs/releases/syft/v0.54.0.md @@ -23,7 +23,7 @@ Version [v0.54.0](https://github.com/anchore/syft/releases/tag/v0.54.0) ## Bug Fixes - Empty metadata while decoding should be allowed [[PR #1154](https://github.com/anchore/syft/pull/1154)] [[wagoodman](https://github.com/wagoodman)] -- Add PHP Composer dev dependencies [[Issue #773](https://github.com/anchore/syft/issues/773)] +- Add PHP Composer dev dependencies [[Issue #773](https://github.com/anchore/syft/issues/773)] - opaque error when scanning an image in github registry [[Issue #790](https://github.com/anchore/syft/issues/790)] - javascript-lock-cataloger not detect and parse yarn.lock file [[Issue #798](https://github.com/anchore/syft/issues/798)] - Distro identification fails for dir: scheme when identityFiles not in scope. [[Issue #814](https://github.com/anchore/syft/issues/814)] diff --git a/content/docs/releases/syft/v0.55.0.md b/content/docs/releases/syft/v0.55.0.md index 042c5972..97bf2614 100644 --- a/content/docs/releases/syft/v0.55.0.md +++ b/content/docs/releases/syft/v0.55.0.md 
@@ -11,17 +11,17 @@ description = "Release notes for syft v0.55.0" Version [v0.55.0](https://github.com/anchore/syft/releases/tag/v0.55.0) -## [v0.55.0](https://github.com/anchore/syft/tree/a7966a4d9d8155be788af33fe5e5af2e40043f82) (2022-08-29) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.54.0...a7966a4d9d8155be788af33fe5e5af2e40043f82) - -## Added Features - -- Capture package.json private field for npm modules [[Issue #1160](https://github.com/anchore/syft/issues/1160)] -- add support for pnpm [[Issue #1165](https://github.com/anchore/syft/issues/1165)] - -## Bug Fixes - -- Java-Cataloger produces empty entries for cyclonedx output [[Issue #466](https://github.com/anchore/syft/issues/466)] -- No licenses included in scan with yarn.lock [[Issue #845](https://github.com/anchore/syft/issues/845)] -- syft convert -o option erroring out [[Issue #1095](https://github.com/anchore/syft/issues/1095)] +## [v0.55.0](https://github.com/anchore/syft/tree/a7966a4d9d8155be788af33fe5e5af2e40043f82) (2022-08-29) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.54.0...a7966a4d9d8155be788af33fe5e5af2e40043f82) + +## Added Features + +- Capture package.json private field for npm modules [[Issue #1160](https://github.com/anchore/syft/issues/1160)] +- add support for pnpm [[Issue #1165](https://github.com/anchore/syft/issues/1165)] + +## Bug Fixes + +- Java-Cataloger produces empty entries for cyclonedx output [[Issue #466](https://github.com/anchore/syft/issues/466)] +- No licenses included in scan with yarn.lock [[Issue #845](https://github.com/anchore/syft/issues/845)] +- syft convert -o option erroring out [[Issue #1095](https://github.com/anchore/syft/issues/1095)] diff --git a/content/docs/releases/syft/v0.56.0.md b/content/docs/releases/syft/v0.56.0.md index d3767358..0e8861bb 100644 --- a/content/docs/releases/syft/v0.56.0.md +++ b/content/docs/releases/syft/v0.56.0.md 
@@ -11,14 +11,14 @@ description = "Release notes for syft v0.56.0" Version [v0.56.0](https://github.com/anchore/syft/releases/tag/v0.56.0) -[Full Changelog](https://github.com/anchore/syft/compare/v0.55.0...c5dca001e267d2a91ff82e53ca72535ceef6af02) - -## Added Features - -- Add flag to disable Syft hitting toolbox-data.anchore.io [[Issue #1185](https://github.com/anchore/syft/issues/1185)] - -## Bug Fixes - -- Warn on errors from RPM DB parsing [[PR #1200](https://github.com/anchore/syft/pull/1200)] [[wagoodman](https://github.com/wagoodman)] -- SPDX PackageLicenseDeclared should be NOASSERTION [[Issue #660](https://github.com/anchore/syft/issues/660)] +[Full Changelog](https://github.com/anchore/syft/compare/v0.55.0...c5dca001e267d2a91ff82e53ca72535ceef6af02) + +## Added Features + +- Add flag to disable Syft hitting toolbox-data.anchore.io [[Issue #1185](https://github.com/anchore/syft/issues/1185)] + +## Bug Fixes + +- Warn on errors from RPM DB parsing [[PR #1200](https://github.com/anchore/syft/pull/1200)] [[wagoodman](https://github.com/wagoodman)] +- SPDX PackageLicenseDeclared should be NOASSERTION [[Issue #660](https://github.com/anchore/syft/issues/660)] - Syft failed to parse Singularity image [[Issue #1150](https://github.com/anchore/syft/issues/1150)] diff --git a/content/docs/releases/syft/v0.57.0.md b/content/docs/releases/syft/v0.57.0.md index 2e4b253f..cd756377 100644 --- a/content/docs/releases/syft/v0.57.0.md +++ b/content/docs/releases/syft/v0.57.0.md 
@@ -11,12 +11,12 @@ description = "Release notes for syft v0.57.0" Version [v0.57.0](https://github.com/anchore/syft/releases/tag/v0.57.0) -[Full Changelog](https://github.com/anchore/syft/compare/v0.56.0...04d288b3643f906255af88108f27712bb2be5b63) - -## Added Features - -- Consistent sorting for SPDX JSON output [[Issue #1213](https://github.com/anchore/syft/issues/1213)] - -## Bug Fixes - +[Full Changelog](https://github.com/anchore/syft/compare/v0.56.0...04d288b3643f906255af88108f27712bb2be5b63) + +## Added Features + +- Consistent sorting for SPDX JSON output [[Issue #1213](https://github.com/anchore/syft/issues/1213)] + +## Bug Fixes + - Attest panic on MacOS [[Issue #1210](https://github.com/anchore/syft/issues/1210)] diff --git a/content/docs/releases/syft/v0.58.0.md b/content/docs/releases/syft/v0.58.0.md index 19498669..ba90e504 100644 --- a/content/docs/releases/syft/v0.58.0.md +++ b/content/docs/releases/syft/v0.58.0.md 
@@ -11,13 +11,14 @@ description = "Release notes for syft v0.58.0" Version [v0.58.0](https://github.com/anchore/syft/releases/tag/v0.58.0) -[Full Changelog](https://github.com/anchore/syft/compare/v0.57.0...b9b13d5525df89194d332467f692bc28bc68d07f) - -## Added Features -- Add support for cpp `conan.lock` files [[PR #1230](https://github.com/anchore/syft/pull/1230)] -- Adding file checksum field in SPDX documents [[Issue #1226](https://github.com/anchore/syft/issues/1226)] - -## Bug Fixes - -- Excluding a directory does not work on Windows [[Issue #1024](https://github.com/anchore/syft/issues/1024)] +[Full Changelog](https://github.com/anchore/syft/compare/v0.57.0...b9b13d5525df89194d332467f692bc28bc68d07f) + +## Added Features + +- Add support for cpp `conan.lock` files [[PR #1230](https://github.com/anchore/syft/pull/1230)] +- Adding file checksum field in SPDX documents [[Issue #1226](https://github.com/anchore/syft/issues/1226)] + +## Bug Fixes + +- Excluding a directory does not work on Windows [[Issue #1024](https://github.com/anchore/syft/issues/1024)] - RPM file scan failed [[Issue #1231](https://github.com/anchore/syft/issues/1231)] diff --git a/content/docs/releases/syft/v0.59.0.md b/content/docs/releases/syft/v0.59.0.md index 1f97da53..4f444c5d 100644 --- a/content/docs/releases/syft/v0.59.0.md +++ b/content/docs/releases/syft/v0.59.0.md 
@@ -11,16 +11,16 @@ description = "Release notes for syft v0.59.0" Version [v0.59.0](https://github.com/anchore/syft/releases/tag/v0.59.0) -[Full Changelog](https://github.com/anchore/syft/compare/v0.58.0...41bc6bb410352845f22766e27dd48ba93aa825a4) - -## Added Features - -- Attest support for Singularity images [[Issue #1193](https://github.com/anchore/syft/issues/1193)] -- Remove upload to Anchore Enterprise [[Issue #1252](https://github.com/anchore/syft/issues/1252)] - -## Bug Fixes - -- Update requires to use list; remove field [[PR #1234](https://github.com/anchore/syft/pull/1234)] [[spiffcs](https://github.com/spiffcs)] -- Deprecated SPDX license (GFDL* and BSD-2-Clause-NetBSD) [[Issue #1179](https://github.com/anchore/syft/issues/1179)] -- SPDX JSON has external reference category of PACKAGE_MANAGER instead of PACKAGE-MANAGER [[Issue #1236](https://github.com/anchore/syft/issues/1236)] +[Full Changelog](https://github.com/anchore/syft/compare/v0.58.0...41bc6bb410352845f22766e27dd48ba93aa825a4) + +## Added Features + +- Attest support for Singularity images [[Issue #1193](https://github.com/anchore/syft/issues/1193)] +- Remove upload to Anchore Enterprise [[Issue #1252](https://github.com/anchore/syft/issues/1252)] + +## Bug Fixes + +- Update requires to use list; remove field [[PR #1234](https://github.com/anchore/syft/pull/1234)] [[spiffcs](https://github.com/spiffcs)] +- Deprecated SPDX license (GFDL\* and BSD-2-Clause-NetBSD) [[Issue #1179](https://github.com/anchore/syft/issues/1179)] +- SPDX JSON has external reference category of PACKAGE_MANAGER instead of PACKAGE-MANAGER [[Issue #1236](https://github.com/anchore/syft/issues/1236)] - Follow symlinks when searching for globs in all-layers scope [[PR #1221](https://github.com/anchore/syft/pull/1221)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.6.0.md b/content/docs/releases/syft/v0.6.0.md index 63a31445..4b55ede1 100644 --- a/content/docs/releases/syft/v0.6.0.md 
+++ b/content/docs/releases/syft/v0.6.0.md @@ -11,19 +11,17 @@ description = "Release notes for syft v0.6.0" Version [v0.6.0](https://github.com/anchore/syft/releases/tag/v0.6.0) -## [v0.6.0](https://github.com/anchore/syft/tree/v0.6.0) (2020-11-10) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.5.1...v0.6.0) - -**Implemented enhancements:** - -- Add identified distro and version to output for JSON presenter [\#169](https://github.com/anchore/syft/issues/169) -- Add RPM file info sourced from the RPM DB [\#251](https://github.com/anchore/syft/pull/251) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- Updates for macOS release process [\#254](https://github.com/anchore/syft/pull/254) ([luhring](https://github.com/luhring)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.6.0](https://github.com/anchore/syft/tree/v0.6.0) (2020-11-10) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.5.1...v0.6.0) + +**Implemented enhancements:** + +- Add identified distro and version to output for JSON presenter [\#169](https://github.com/anchore/syft/issues/169) +- Add RPM file info sourced from the RPM DB [\#251](https://github.com/anchore/syft/pull/251) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Updates for macOS release process [\#254](https://github.com/anchore/syft/pull/254) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.60.1.md b/content/docs/releases/syft/v0.60.1.md index f473e41c..60549253 100644 --- a/content/docs/releases/syft/v0.60.1.md +++ b/content/docs/releases/syft/v0.60.1.md 
@@ -23,7 +23,7 @@ Version [v0.60.1](https://github.com/anchore/syft/releases/tag/v0.60.1) ## Bug Fixes - A malformed Python RECORD file stops Syft processing [[Issue #1012](https://github.com/anchore/syft/issues/1012)] -- Deprecated SPDX license (GFDL* and BSD-2-Clause-NetBSD) [[Issue #1179](https://github.com/anchore/syft/issues/1179)] +- Deprecated SPDX license (GFDL\* and BSD-2-Clause-NetBSD) [[Issue #1179](https://github.com/anchore/syft/issues/1179)] - Update SPDX license list to 3.18 [[Issue #1245](https://github.com/anchore/syft/issues/1245)] - Versions not printed out properly from maven pom.xml [[Issue #1251](https://github.com/anchore/syft/issues/1251)] - syft attest --output cyclonedx-json incompatible with cosign [[Issue #1268](https://github.com/anchore/syft/issues/1268)] diff --git a/content/docs/releases/syft/v0.61.0.md b/content/docs/releases/syft/v0.61.0.md index 6b5dd220..a860b93f 100644 --- a/content/docs/releases/syft/v0.61.0.md +++ b/content/docs/releases/syft/v0.61.0.md 
@@ -11,27 +11,27 @@ description = "Release notes for syft v0.61.0" Version [v0.61.0](https://github.com/anchore/syft/releases/tag/v0.61.0) -## [v0.61.0](https://github.com/anchore/syft/tree/v0.61.0) (2022-11-18) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.60.3...v0.61.0) - -## Added Features - -- Add support for map fields in CycloneDX (XML and JSON) [[Issue #1032](https://github.com/anchore/syft/issues/1032)] -- Dependency's MIT license not picked up when scanning package-lock.json [[Issue #1113](https://github.com/anchore/syft/issues/1113)] -- Support SPDX 2.3 [[Issue #1292](https://github.com/anchore/syft/issues/1292)] -- Add support for dependency relationships for alpine (apk) [[PR #1063](https://github.com/anchore/syft/pull/1063)] - -## Bug Fixes - -- Normalize alpm md5 refs [[PR #1333](https://github.com/anchore/syft/pull/1333)] [[wagoodman](https://github.com/wagoodman)] -- APK Metadata decoding should be backwards compatible [[PR #1341](https://github.com/anchore/syft/pull/1341)] [[wagoodman](https://github.com/wagoodman)] -- Add spdx relationship encoding for dependencies [[PR #1342](https://github.com/anchore/syft/pull/1342)] [[wagoodman](https://github.com/wagoodman)] -- v0.3.0 SPDX SBOM Does Not Have Unique SPDXID Package IDs [[Issue #923](https://github.com/anchore/syft/issues/923)] -- Missing licenses and "skipping encoding of unsupported property: syft:metadata:goBuildSetting" [[Issue #1007](https://github.com/anchore/syft/issues/1007)] -- System independent build not possible [[Issue #1084](https://github.com/anchore/syft/issues/1084)] -- Dependency's MIT license not picked up when scanning package-lock.json [[Issue #1113](https://github.com/anchore/syft/issues/1113)] -- No packages discovered in SIF when image source not specified [[Issue #1189](https://github.com/anchore/syft/issues/1189)] -- `syft packages` panics on OCI archive creation [[Issue #1318](https://github.com/anchore/syft/issues/1318)] -- Missing metadata in 
syft-json artifacts crashes grype [[Issue #1334](https://github.com/anchore/syft/issues/1334)] +## [v0.61.0](https://github.com/anchore/syft/tree/v0.61.0) (2022-11-18) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.60.3...v0.61.0) + +## Added Features + +- Add support for map fields in CycloneDX (XML and JSON) [[Issue #1032](https://github.com/anchore/syft/issues/1032)] +- Dependency's MIT license not picked up when scanning package-lock.json [[Issue #1113](https://github.com/anchore/syft/issues/1113)] +- Support SPDX 2.3 [[Issue #1292](https://github.com/anchore/syft/issues/1292)] +- Add support for dependency relationships for alpine (apk) [[PR #1063](https://github.com/anchore/syft/pull/1063)] + +## Bug Fixes + +- Normalize alpm md5 refs [[PR #1333](https://github.com/anchore/syft/pull/1333)] [[wagoodman](https://github.com/wagoodman)] +- APK Metadata decoding should be backwards compatible [[PR #1341](https://github.com/anchore/syft/pull/1341)] [[wagoodman](https://github.com/wagoodman)] +- Add spdx relationship encoding for dependencies [[PR #1342](https://github.com/anchore/syft/pull/1342)] [[wagoodman](https://github.com/wagoodman)] +- v0.3.0 SPDX SBOM Does Not Have Unique SPDXID Package IDs [[Issue #923](https://github.com/anchore/syft/issues/923)] +- Missing licenses and "skipping encoding of unsupported property: syft:metadata:goBuildSetting" [[Issue #1007](https://github.com/anchore/syft/issues/1007)] +- System independent build not possible [[Issue #1084](https://github.com/anchore/syft/issues/1084)] +- Dependency's MIT license not picked up when scanning package-lock.json [[Issue #1113](https://github.com/anchore/syft/issues/1113)] +- No packages discovered in SIF when image source not specified [[Issue #1189](https://github.com/anchore/syft/issues/1189)] +- `syft packages` panics on OCI archive creation [[Issue #1318](https://github.com/anchore/syft/issues/1318)] +- Missing metadata in syft-json artifacts crashes grype [[Issue 
#1334](https://github.com/anchore/syft/issues/1334)] - CPE for amazoncorretto:19.0.1-al2 is incorrect [[Issue #1337](https://github.com/anchore/syft/issues/1337)] diff --git a/content/docs/releases/syft/v0.62.1.md b/content/docs/releases/syft/v0.62.1.md index 6ba99d6d..f86d26fb 100644 --- a/content/docs/releases/syft/v0.62.1.md +++ b/content/docs/releases/syft/v0.62.1.md @@ -11,12 +11,12 @@ description = "Release notes for syft v0.62.1" Version [v0.62.1](https://github.com/anchore/syft/releases/tag/v0.62.1) -## [v0.62.1](https://github.com/anchore/syft/tree/v0.62.1) (2022-11-21) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.62.0...v0.62.1) - -## Bug Fixes - -- fix(npm): handle aliases in package-lock.json [[Issue #1314](https://github.com/anchore/syft/issues/1314)] [[Mikcl](https://github.com/Mikcl)] -- chore: add debug logging for decode errors [[PR #1352](https://github.com/anchore/syft/pull/1352)] [[kzantow](https://github.com/kzantow)] +## [v0.62.1](https://github.com/anchore/syft/tree/v0.62.1) (2022-11-21) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.62.0...v0.62.1) + +## Bug Fixes + +- fix(npm): handle aliases in package-lock.json [[Issue #1314](https://github.com/anchore/syft/issues/1314)] [[Mikcl](https://github.com/Mikcl)] +- chore: add debug logging for decode errors [[PR #1352](https://github.com/anchore/syft/pull/1352)] [[kzantow](https://github.com/kzantow)] - fix: sort relationships in SPDX output [[Issue #1213](https://github.com/anchore/syft/issues/1213)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.62.2.md b/content/docs/releases/syft/v0.62.2.md index ccf92281..0c6012fd 100644 --- a/content/docs/releases/syft/v0.62.2.md +++ b/content/docs/releases/syft/v0.62.2.md 
@@ -11,12 +11,13 @@ description = "Release notes for syft v0.62.2" Version [v0.62.2](https://github.com/anchore/syft/releases/tag/v0.62.2) -## [v0.62.2](https://github.com/anchore/syft/tree/v0.62.2) (2022-11-28) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.62.1...v0.62.2) - -## Bug Fixes -- SPDX-json output differs between cli and golang implementation [[Issue #1213](https://github.com/anchore/syft/issues/1213)] -- Python cataloging fails to remove some non-version characters from version string [[Issue #1360](https://github.com/anchore/syft/issues/1360)] -- Haskell Cabal packages crash syft [[Issue #1362](https://github.com/anchore/syft/issues/1362)] +## [v0.62.2](https://github.com/anchore/syft/tree/v0.62.2) (2022-11-28) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.62.1...v0.62.2) + +## Bug Fixes + +- SPDX-json output differs between cli and golang implementation [[Issue #1213](https://github.com/anchore/syft/issues/1213)] +- Python cataloging fails to remove some non-version characters from version string [[Issue #1360](https://github.com/anchore/syft/issues/1360)] +- Haskell Cabal packages crash syft [[Issue #1362](https://github.com/anchore/syft/issues/1362)] - Panic case for alpm on windows has a correct error case [[Issue #1094](https://github.com/anchore/syft/issues/1094)] diff --git a/content/docs/releases/syft/v0.62.3.md b/content/docs/releases/syft/v0.62.3.md index a745f8b8..2b572305 100644 --- a/content/docs/releases/syft/v0.62.3.md +++ b/content/docs/releases/syft/v0.62.3.md 
@@ -11,16 +11,17 @@ description = "Release notes for syft v0.62.3" Version [v0.62.3](https://github.com/anchore/syft/releases/tag/v0.62.3) -## [v0.62.3](https://github.com/anchore/syft/tree/v0.62.3) (2022-11-30) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.62.2...v0.62.3) - -## Added Features -- Add a generic binary cataloger [[PR #1336](https://github.com/anchore/syft/pull/1336)] [[kzantow](https://github.com/kzantow)] -- Add `--name` option to override name in output [[1269](https://github.com/anchore/syft/pull/1269)] [[jedevc](https://github.com/jedevc)] - -## Bug Fixes - -- Recover from bad parsing of golang binary [[PR #1371](https://github.com/anchore/syft/pull/1371)] [[wagoodman](https://github.com/wagoodman)] -- panic: runtime error: index out of range [0] with length 0 [[Issue #1094](https://github.com/anchore/syft/issues/1094)] +## [v0.62.3](https://github.com/anchore/syft/tree/v0.62.3) (2022-11-30) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.62.2...v0.62.3) + +## Added Features + +- Add a generic binary cataloger [[PR #1336](https://github.com/anchore/syft/pull/1336)] [[kzantow](https://github.com/kzantow)] +- Add `--name` option to override name in output [[1269](https://github.com/anchore/syft/pull/1269)] [[jedevc](https://github.com/jedevc)] + +## Bug Fixes + +- Recover from bad parsing of golang binary [[PR #1371](https://github.com/anchore/syft/pull/1371)] [[wagoodman](https://github.com/wagoodman)] +- panic: runtime error: index out of range [0] with length 0 [[Issue #1094](https://github.com/anchore/syft/issues/1094)] - Syft finds no apks for some images with apks [[Issue #1354](https://github.com/anchore/syft/issues/1354)] diff --git a/content/docs/releases/syft/v0.63.0.md b/content/docs/releases/syft/v0.63.0.md index 5abf3acb..ae043842 100644 --- a/content/docs/releases/syft/v0.63.0.md +++ b/content/docs/releases/syft/v0.63.0.md 
@@ -11,17 +11,17 @@ description = "Release notes for syft v0.63.0" Version [v0.63.0](https://github.com/anchore/syft/releases/tag/v0.63.0) -## [v0.63.0](https://github.com/anchore/syft/tree/v0.63.0) (2022-12-12) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.62.3...v0.63.0) - -## Added Features - -- Catalog Java binary runtimes [[Issue #1388](https://github.com/anchore/syft/issues/1388)] - -## Bug Fixes - -- Syft generates too loose of cpes for python redis [[Issue #1066](https://github.com/anchore/syft/issues/1066)] -- Panic in alpm cataloger [[Issue #1195](https://github.com/anchore/syft/issues/1195)] -- goroutine stack exceeds 1000000000-byte limit scanning image [[Issue #1368](https://github.com/anchore/syft/issues/1368)] +## [v0.63.0](https://github.com/anchore/syft/tree/v0.63.0) (2022-12-12) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.62.3...v0.63.0) + +## Added Features + +- Catalog Java binary runtimes [[Issue #1388](https://github.com/anchore/syft/issues/1388)] + +## Bug Fixes + +- Syft generates too loose of cpes for python redis [[Issue #1066](https://github.com/anchore/syft/issues/1066)] +- Panic in alpm cataloger [[Issue #1195](https://github.com/anchore/syft/issues/1195)] +- goroutine stack exceeds 1000000000-byte limit scanning image [[Issue #1368](https://github.com/anchore/syft/issues/1368)] - Binary go detection [[Issue #1382](https://github.com/anchore/syft/issues/1382)] diff --git a/content/docs/releases/syft/v0.64.0.md b/content/docs/releases/syft/v0.64.0.md index 63da8d6e..2afe7c6e 100644 --- a/content/docs/releases/syft/v0.64.0.md +++ b/content/docs/releases/syft/v0.64.0.md 
@@ -11,20 +11,20 @@ description = "Release notes for syft v0.64.0" Version [v0.64.0](https://github.com/anchore/syft/releases/tag/v0.64.0) -## [v0.64.0](https://github.com/anchore/syft/tree/v0.64.0) (2022-12-23) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.63.0...v0.64.0) - -## Added Features - -- License parsing for Java [[PR #1385](https://github.com/anchore/syft/pull/1385)] -- Integration or association of binary and package [[Issue #1411](https://github.com/anchore/syft/issues/1411)] -- Include go.sum h1 digest information in checksums [[Issue #1277](https://github.com/anchore/syft/issues/1277)] - -## Bug Fixes - -- Clean package names found in python catalogers [[PR #1417](https://github.com/anchore/syft/pull/1417)] [[wagoodman](https://github.com/wagoodman)] -- FilesAnalyzed wrong and missing SHA1 for files [[Issue #1396](https://github.com/anchore/syft/issues/1396)] -- Binary executables identified as "library" type in CycloneDX [[Issue #1402](https://github.com/anchore/syft/issues/1402)] -- Excessive "unable to read golang buildinfo error=not a Go executable file" warnings in versions after v0.62.1 [[Issue #1403](https://github.com/anchore/syft/issues/1403)] +## [v0.64.0](https://github.com/anchore/syft/tree/v0.64.0) (2022-12-23) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.63.0...v0.64.0) + +## Added Features + +- License parsing for Java [[PR #1385](https://github.com/anchore/syft/pull/1385)] +- Integration or association of binary and package [[Issue #1411](https://github.com/anchore/syft/issues/1411)] +- Include go.sum h1 digest information in checksums [[Issue #1277](https://github.com/anchore/syft/issues/1277)] + +## Bug Fixes + +- Clean package names found in python catalogers [[PR #1417](https://github.com/anchore/syft/pull/1417)] [[wagoodman](https://github.com/wagoodman)] +- FilesAnalyzed wrong and missing SHA1 for files [[Issue #1396](https://github.com/anchore/syft/issues/1396)] +- Binary executables 
identified as "library" type in CycloneDX [[Issue #1402](https://github.com/anchore/syft/issues/1402)] +- Excessive "unable to read golang buildinfo error=not a Go executable file" warnings in versions after v0.62.1 [[Issue #1403](https://github.com/anchore/syft/issues/1403)] - Binary java detection [[Issue #1410](https://github.com/anchore/syft/issues/1410)] diff --git a/content/docs/releases/syft/v0.65.0.md b/content/docs/releases/syft/v0.65.0.md index da32a19c..21527e94 100644 --- a/content/docs/releases/syft/v0.65.0.md +++ b/content/docs/releases/syft/v0.65.0.md @@ -11,15 +11,15 @@ description = "Release notes for syft v0.65.0" Version [v0.65.0](https://github.com/anchore/syft/releases/tag/v0.65.0) -## [v0.65.0](https://github.com/anchore/syft/tree/v0.65.0) (2023-01-04) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.64.0...v0.65.0) - -## Added Features - -- refactor basic CPE functionality to its own package [[PR #1436](https://github.com/anchore/syft/pull/1436)] [[kzantow](https://github.com/kzantow)] -- adding purl types for binary classifiers [[Issue #1435](https://github.com/anchore/syft/issues/1435)] [[noqcks](https://github.com/noqcks)] - -## Bug Fixes - +## [v0.65.0](https://github.com/anchore/syft/tree/v0.65.0) (2023-01-04) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.64.0...v0.65.0) + +## Added Features + +- refactor basic CPE functionality to its own package [[PR #1436](https://github.com/anchore/syft/pull/1436)] [[kzantow](https://github.com/kzantow)] +- adding purl types for binary classifiers [[Issue #1435](https://github.com/anchore/syft/issues/1435)] [[noqcks](https://github.com/noqcks)] + +## Bug Fixes + - silence additional excessive go binary warnings [[Issue #1432](https://github.com/anchore/syft/issues/1432)] [[jedevc](https://github.com/jedevc)] diff --git a/content/docs/releases/syft/v0.66.0.md b/content/docs/releases/syft/v0.66.0.md index e5135f6b..1c41b90f 100644 
--- a/content/docs/releases/syft/v0.66.0.md +++ b/content/docs/releases/syft/v0.66.0.md 
@@ -11,20 +11,19 @@ description = "Release notes for syft v0.66.0" Version [v0.66.0](https://github.com/anchore/syft/releases/tag/v0.66.0) -## [v0.66.0](https://github.com/anchore/syft/tree/v0.66.0) (2023-01-12) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.65.0...v0.66.0) - -## Added Features - -- Catalog Erlang/Elixir artifacts using "rebar" and "mix" package managers [[Issue #1071](https://github.com/anchore/syft/issues/1071)] [@cpendery] -- Catalog PHP binary runtimes [[Issue #1429](https://github.com/anchore/syft/issues/1429)] [@witchcraze] -- Catalog Apache HTTP binary runtimes [[Issue #1440](https://github.com/anchore/syft/issues/1440)] [@witchcraze] -- Catalog redis binary runtimes [[Issue #1437](https://github.com/anchore/syft/issues/1437)] [@noqcks] -- Increase the speed of cataloger stage [[Issue #1353](https://github.com/anchore/syft/issues/1353)] [@Mikcl] -- Add the origin field to the output format of syftjson [[PR #1327](https://github.com/anchore/syft/pull/1327)] [@asi-cider] - - -## Bug Fixes - +## [v0.66.0](https://github.com/anchore/syft/tree/v0.66.0) (2023-01-12) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.65.0...v0.66.0) + +## Added Features + +- Catalog Erlang/Elixir artifacts using "rebar" and "mix" package managers [[Issue #1071](https://github.com/anchore/syft/issues/1071)] [@cpendery] +- Catalog PHP binary runtimes [[Issue #1429](https://github.com/anchore/syft/issues/1429)] [@witchcraze] +- Catalog Apache HTTP binary runtimes [[Issue #1440](https://github.com/anchore/syft/issues/1440)] [@witchcraze] +- Catalog redis binary runtimes [[Issue #1437](https://github.com/anchore/syft/issues/1437)] [@noqcks] +- Increase the speed of cataloger stage [[Issue #1353](https://github.com/anchore/syft/issues/1353)] [@Mikcl] +- Add the origin field to the output format of syftjson [[PR #1327](https://github.com/anchore/syft/pull/1327)] [@asi-cider] + +## Bug Fixes + - A duplicate file in tar archive causes read to 
fail [[Issue #1400](https://github.com/anchore/syft/issues/1400)] [@kzantow] diff --git a/content/docs/releases/syft/v0.66.1.md b/content/docs/releases/syft/v0.66.1.md index 8bd73e0c..1a2cff82 100644 --- a/content/docs/releases/syft/v0.66.1.md +++ b/content/docs/releases/syft/v0.66.1.md @@ -11,11 +11,10 @@ description = "Release notes for syft v0.66.1" Version [v0.66.1](https://github.com/anchore/syft/releases/tag/v0.66.1) -## [v0.66.1](https://github.com/anchore/syft/tree/v0.66.1) (2023-01-12) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.66.0...v0.66.1) - - -## Bug Fixes - +## [v0.66.1](https://github.com/anchore/syft/tree/v0.66.1) (2023-01-12) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.66.0...v0.66.1) + +## Bug Fixes + - update graalvm cataloger to fix panic [[PR #1454](https://github.com/anchore/syft/pull/1454)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.66.2.md b/content/docs/releases/syft/v0.66.2.md index bceda5cf..2edeb154 100644 --- a/content/docs/releases/syft/v0.66.2.md +++ b/content/docs/releases/syft/v0.66.2.md @@ -11,11 +11,11 @@ description = "Release notes for syft v0.66.2" Version [v0.66.2](https://github.com/anchore/syft/releases/tag/v0.66.2) -## [v0.66.2](https://github.com/anchore/syft/tree/v0.66.2) (2023-01-17) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.66.1...v0.66.2) - -## Bug Fixes - -- update dependency golang.org/x/text [[Issue #1457](https://github.com/anchore/syft/issues/1457)] +## [v0.66.2](https://github.com/anchore/syft/tree/v0.66.2) (2023-01-17) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.66.1...v0.66.2) + +## Bug Fixes + +- update dependency golang.org/x/text [[Issue #1457](https://github.com/anchore/syft/issues/1457)] - syft is now throwing panic with version 0.66.1 [[Issue #1462](https://github.com/anchore/syft/issues/1462)] 
diff --git a/content/docs/releases/syft/v0.68.0.md b/content/docs/releases/syft/v0.68.0.md index 058622c3..2e9b7391 100644 --- a/content/docs/releases/syft/v0.68.0.md +++ b/content/docs/releases/syft/v0.68.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for syft v0.68.0" Version [v0.68.0](https://github.com/anchore/syft/releases/tag/v0.68.0) -## [v0.68.0](https://github.com/anchore/syft/tree/v0.68.0) (2023-01-20) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.66.2...v0.68.0) - -## Added Features - -- Catalog memcached binary [[Issue #1459](https://github.com/anchore/syft/issues/1459)] [@witchcraze] - -## Bug Fixes - -- Relax error conditions for catalogers [[PR #1492](https://github.com/anchore/syft/pull/1492)] [[wagoodman](https://github.com/wagoodman)] -- Always set the package ID for java packages [[PR #1493](https://github.com/anchore/syft/pull/1493)] [[wagoodman](https://github.com/wagoodman)] -- Fix panic in APK version specifier handling [[PR #1494](https://github.com/anchore/syft/pull/1494)] [[luhring](https://github.com/luhring)] -- ZERO npm dependencies discovered if any npm dependency has an array as a license [[Issue #1479](https://github.com/anchore/syft/issues/1479)] +## [v0.68.0](https://github.com/anchore/syft/tree/v0.68.0) (2023-01-20) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.66.2...v0.68.0) + +## Added Features + +- Catalog memcached binary [[Issue #1459](https://github.com/anchore/syft/issues/1459)] [@witchcraze] + +## Bug Fixes + +- Relax error conditions for catalogers [[PR #1492](https://github.com/anchore/syft/pull/1492)] [[wagoodman](https://github.com/wagoodman)] +- Always set the package ID for java packages [[PR #1493](https://github.com/anchore/syft/pull/1493)] [[wagoodman](https://github.com/wagoodman)] +- Fix panic in APK version specifier handling [[PR #1494](https://github.com/anchore/syft/pull/1494)] [[luhring](https://github.com/luhring)] +- ZERO npm dependencies discovered if any npm dependency has an array as a license [[Issue #1479](https://github.com/anchore/syft/issues/1479)] - Syft panics on APK parsing when Dependencies or Provides holds an empty string [[Issue 
#1483](https://github.com/anchore/syft/issues/1483)] diff --git a/content/docs/releases/syft/v0.68.1.md b/content/docs/releases/syft/v0.68.1.md index 0254a50a..e2ad662e 100644 --- a/content/docs/releases/syft/v0.68.1.md +++ b/content/docs/releases/syft/v0.68.1.md @@ -11,14 +11,14 @@ description = "Release notes for syft v0.68.1" Version [v0.68.1](https://github.com/anchore/syft/releases/tag/v0.68.1) -## [v0.68.1](https://github.com/anchore/syft/tree/v0.68.1) (2023-01-25) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.68.0...v0.68.1) - -## Bug Fixes - -- Add relevant CPEs to python and busybox classifiers [[PR #1517](https://github.com/anchore/syft/pull/1517)] [[westonsteimel](https://github.com/westonsteimel)] - -## Additional Changes - +## [v0.68.1](https://github.com/anchore/syft/tree/v0.68.1) (2023-01-25) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.68.0...v0.68.1) + +## Bug Fixes + +- Add relevant CPEs to python and busybox classifiers [[PR #1517](https://github.com/anchore/syft/pull/1517)] [[westonsteimel](https://github.com/westonsteimel)] + +## Additional Changes + - Bump github.com/spdx/tools-golang to v0.4.0 [[PR #1450](https://github.com/anchore/syft/pull/1450)] [[lucacome](https://github.com/lucacome)] diff --git a/content/docs/releases/syft/v0.69.0.md b/content/docs/releases/syft/v0.69.0.md index d1251d6e..5b380dc0 100644 --- a/content/docs/releases/syft/v0.69.0.md +++ b/content/docs/releases/syft/v0.69.0.md 
@@ -11,15 +11,15 @@ description = "Release notes for syft v0.69.0" Version [v0.69.0](https://github.com/anchore/syft/releases/tag/v0.69.0) -## [v0.69.0](https://github.com/anchore/syft/tree/v0.69.0) (2023-01-30) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.68.1...v0.69.0) - -## Added Features - -- Allow scanning unpacked container filesystems if using Syft as a library [[Issue #1359](https://github.com/anchore/syft/issues/1359)] [[PR #1485](https://github.com/anchore/syft/pull/1485)] [[jedevc](https://github.com/jedevc)] - -## Bug Fixes - -- Syft convert now works properly with template output [[Issue #1409](https://github.com/anchore/syft/issues/1409)] [[PR #1521](https://github.com/anchore/syft/pull/1521)] [[kzantow](https://github.com/kzantow)] +## [v0.69.0](https://github.com/anchore/syft/tree/v0.69.0) (2023-01-30) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.68.1...v0.69.0) + +## Added Features + +- Allow scanning unpacked container filesystems if using Syft as a library [[Issue #1359](https://github.com/anchore/syft/issues/1359)] [[PR #1485](https://github.com/anchore/syft/pull/1485)] [[jedevc](https://github.com/jedevc)] + +## Bug Fixes + +- Syft convert now works properly with template output [[Issue #1409](https://github.com/anchore/syft/issues/1409)] [[PR #1521](https://github.com/anchore/syft/pull/1521)] [[kzantow](https://github.com/kzantow)] - Attestation with a private key [[Issue #1465](https://github.com/anchore/syft/issues/1465)] [[PR #1502](https://github.com/anchore/syft/pull/1502)] [[spiffcs](https://github.com/spiffcs)] diff --git a/content/docs/releases/syft/v0.69.1.md b/content/docs/releases/syft/v0.69.1.md index 2e709e09..696a7962 100644 --- a/content/docs/releases/syft/v0.69.1.md +++ b/content/docs/releases/syft/v0.69.1.md 
@@ -11,11 +11,11 @@ description = "Release notes for syft v0.69.1" Version [v0.69.1](https://github.com/anchore/syft/releases/tag/v0.69.1) -## [v0.69.1](https://github.com/anchore/syft/tree/v0.69.1) (2023-01-31) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.69.0...v0.69.1) - -## Changes - -- update golang to 1.19 [[PR #1526](https://github.com/anchore/syft/pull/1526)] [[bradleyjones](https://github.com/bradleyjones)] +## [v0.69.1](https://github.com/anchore/syft/tree/v0.69.1) (2023-01-31) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.69.0...v0.69.1) + +## Changes + +- update golang to 1.19 [[PR #1526](https://github.com/anchore/syft/pull/1526)] [[bradleyjones](https://github.com/bradleyjones)] - update spdx/tools-golang to v0.5.0-rc1 [[PR #1503](https://github.com/anchore/syft/pull/1503)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.7.0.md b/content/docs/releases/syft/v0.7.0.md index 21d088d8..8940e9ef 100644 --- a/content/docs/releases/syft/v0.7.0.md +++ b/content/docs/releases/syft/v0.7.0.md 
@@ -11,19 +11,18 @@ description = "Release notes for syft v0.7.0" Version [v0.7.0](https://github.com/anchore/syft/releases/tag/v0.7.0) -## [v0.7.0](https://github.com/anchore/syft/tree/v0.7.0) (2020-11-11) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.6.0...v0.7.0) - -**Implemented enhancements:** - -- Add identified distro and version to output for JSON presenter [\#169](https://github.com/anchore/syft/issues/169) -- Add signed and notarized ZIP release asset [\#261](https://github.com/anchore/syft/pull/261) ([luhring](https://github.com/luhring)) -- Include `ID_LIKE` when parsing distro information [\#256](https://github.com/anchore/syft/issues/256) - -**Fixed bugs:** - -- Cataloging python packages errors out if "top\_level.txt" entry is missing [\#259](https://github.com/anchore/syft/issues/259) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.7.0](https://github.com/anchore/syft/tree/v0.7.0) (2020-11-11) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.6.0...v0.7.0) + +**Implemented enhancements:** + +- Add identified distro and version to output for JSON presenter [\#169](https://github.com/anchore/syft/issues/169) +- Add signed and notarized ZIP release asset [\#261](https://github.com/anchore/syft/pull/261) ([luhring](https://github.com/luhring)) +- Include `ID_LIKE` when parsing distro information [\#256](https://github.com/anchore/syft/issues/256) + +**Fixed bugs:** + +- Cataloging python packages errors out if "top_level.txt" entry is missing [\#259](https://github.com/anchore/syft/issues/259) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.7.1.md b/content/docs/releases/syft/v0.7.1.md index 988f4ae0..8ee271e6 100644 
--- a/content/docs/releases/syft/v0.7.1.md +++ b/content/docs/releases/syft/v0.7.1.md @@ -11,14 +11,12 @@ description = "Release notes for syft v0.7.1" Version [v0.7.1](https://github.com/anchore/syft/releases/tag/v0.7.1) -## [v0.7.1](https://github.com/anchore/syft/tree/v0.7.1) (2020-11-12) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.7.0...v0.7.1) - -**Fixed bugs:** - -- Add source to packages found by RPMdb cataloger [\#263](https://github.com/anchore/syft/pull/263) ([wagoodman](https://github.com/wagoodman)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.7.1](https://github.com/anchore/syft/tree/v0.7.1) (2020-11-12) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.7.0...v0.7.1) + +**Fixed bugs:** + +- Add source to packages found by RPMdb cataloger [\#263](https://github.com/anchore/syft/pull/263) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.70.0.md b/content/docs/releases/syft/v0.70.0.md index 8f7644df..2789736d 100644 --- a/content/docs/releases/syft/v0.70.0.md +++ b/content/docs/releases/syft/v0.70.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for syft v0.70.0" Version [v0.70.0](https://github.com/anchore/syft/releases/tag/v0.70.0) -## [v0.70.0](https://github.com/anchore/syft/tree/v0.70.0) (2023-02-03) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.69.1...v0.70.0) - -## Added Features - -- Catalog traefik binary [[Issue #1460](https://github.com/anchore/syft/issues/1460)] [[PR #1504](https://github.com/anchore/syft/pull/1504)] [[witchcraze](https://github.com/witchcraze)] - -## Bug Fixes - -- Syft hardcodes `custom` attestation type [[Issue #1532](https://github.com/anchore/syft/issues/1532)] [[PR #1533](https://github.com/anchore/syft/pull/1533)] [[Nirusu](https://github.com/Nirusu)] - -## Security - +## [v0.70.0](https://github.com/anchore/syft/tree/v0.70.0) (2023-02-03) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.69.1...v0.70.0) + +## Added Features + +- Catalog traefik binary [[Issue #1460](https://github.com/anchore/syft/issues/1460)] [[PR #1504](https://github.com/anchore/syft/pull/1504)] [[witchcraze](https://github.com/witchcraze)] + +## Bug Fixes + +- Syft hardcodes `custom` attestation type [[Issue #1532](https://github.com/anchore/syft/issues/1532)] [[PR #1533](https://github.com/anchore/syft/pull/1533)] [[Nirusu](https://github.com/Nirusu)] + +## Security + - Prevent leaking attestation password or key path to console or SBOM contents [[PR #1538](https://github.com/anchore/syft/pull/1538)] [[GHSA-jp7v-3587-2956](https://github.com/anchore/syft/security/advisories/GHSA-jp7v-3587-2956)] [[CVE-2023-24827](https://nvd.nist.gov/vuln/detail/CVE-2023-24827)] diff --git a/content/docs/releases/syft/v0.71.0.md b/content/docs/releases/syft/v0.71.0.md index 3402d471..7d32e666 100644 --- a/content/docs/releases/syft/v0.71.0.md +++ b/content/docs/releases/syft/v0.71.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for syft v0.71.0" Version [v0.71.0](https://github.com/anchore/syft/releases/tag/v0.71.0) -## [v0.71.0](https://github.com/anchore/syft/tree/v0.71.0) (2023-02-09) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.70.0...v0.71.0) - -## Added Features - -- Catalog postgres binary [[Issue #1456](https://github.com/anchore/syft/issues/1456)] [[PR #1536](https://github.com/anchore/syft/pull/1536)] [[witchcraze](https://github.com/witchcraze)] -- Improve Syft performance [[Issue #1328](https://github.com/anchore/syft/issues/1328)] [[PR #1510](https://github.com/anchore/syft/pull/1510)] [[wagoodman](https://github.com/wagoodman)] -- Export specific format versions (SPDX) [[Issue #1519](https://github.com/anchore/syft/issues/1519)] [[PR #1543](https://github.com/anchore/syft/pull/1543)] [[kzantow](https://github.com/kzantow)] - -## Bug Fixes - -- source: when base is set, responsePath should be absolute [[PR #1542](https://github.com/anchore/syft/pull/1542)] [[jedevc](https://github.com/jedevc)] -- Licenses missing in most report format [[Issue #933](https://github.com/anchore/syft/issues/933)] [[PR #1540](https://github.com/anchore/syft/pull/1540)] [[deitch](https://github.com/deitch)] +## [v0.71.0](https://github.com/anchore/syft/tree/v0.71.0) (2023-02-09) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.70.0...v0.71.0) + +## Added Features + +- Catalog postgres binary [[Issue #1456](https://github.com/anchore/syft/issues/1456)] [[PR #1536](https://github.com/anchore/syft/pull/1536)] [[witchcraze](https://github.com/witchcraze)] +- Improve Syft performance [[Issue #1328](https://github.com/anchore/syft/issues/1328)] [[PR #1510](https://github.com/anchore/syft/pull/1510)] [[wagoodman](https://github.com/wagoodman)] +- Export specific format versions (SPDX) [[Issue #1519](https://github.com/anchore/syft/issues/1519)] [[PR #1543](https://github.com/anchore/syft/pull/1543)] 
[[kzantow](https://github.com/kzantow)] + +## Bug Fixes + +- source: when base is set, responsePath should be absolute [[PR #1542](https://github.com/anchore/syft/pull/1542)] [[jedevc](https://github.com/jedevc)] +- Licenses missing in most report format [[Issue #933](https://github.com/anchore/syft/issues/933)] [[PR #1540](https://github.com/anchore/syft/pull/1540)] [[deitch](https://github.com/deitch)] - apk packages with simplified license show NOASSERTION [[Issue #1529](https://github.com/anchore/syft/issues/1529)] [[PR #1540](https://github.com/anchore/syft/pull/1540)] [[deitch](https://github.com/deitch)] diff --git a/content/docs/releases/syft/v0.72.1.md b/content/docs/releases/syft/v0.72.1.md index a7d7083a..4a754c05 100644 --- a/content/docs/releases/syft/v0.72.1.md +++ b/content/docs/releases/syft/v0.72.1.md @@ -11,14 +11,14 @@ description = "Release notes for syft v0.72.1" Version [v0.72.1](https://github.com/anchore/syft/releases/tag/v0.72.1) -## [v0.72.1](https://github.com/anchore/syft/tree/v0.73.0) (2023-02-22) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.72.0...v0.72.1) - -## Added Features - -- Update SPDX license list to 3.20 [[PR #1600](https://github.com/anchore/syft/pull/1600)] [[vargenau](https://github.com/vargenau)] - -## Bug Fixes - +## [v0.72.1](https://github.com/anchore/syft/tree/v0.73.0) (2023-02-22) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.72.0...v0.72.1) + +## Added Features + +- Update SPDX license list to 3.20 [[PR #1600](https://github.com/anchore/syft/pull/1600)] [[vargenau](https://github.com/vargenau)] + +## Bug Fixes + - Encountering "cycle during symlink resolution" with syft version 0.71.0 onwards [[Issue #1586](https://github.com/anchore/syft/issues/1586)] diff --git a/content/docs/releases/syft/v0.73.0.md b/content/docs/releases/syft/v0.73.0.md index 91554cf8..1c6fb51a 100644 --- a/content/docs/releases/syft/v0.73.0.md +++ b/content/docs/releases/syft/v0.73.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for syft v0.73.0" Version [v0.73.0](https://github.com/anchore/syft/releases/tag/v0.73.0) -## [v0.73.0](https://github.com/anchore/syft/tree/v0.73.0) (2023-02-22) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.72.0...v0.73.0) - -## Added Features - -- Update SPDX license list to 3.20 [[PR #1600](https://github.com/anchore/syft/pull/1600)] [[vargenau](https://github.com/vargenau)] -- Catalog perl binary [[Issue #1587](https://github.com/anchore/syft/issues/1587)] [[PR #1592](https://github.com/anchore/syft/pull/1592)] [[noqcks](https://github.com/noqcks)] - -## Bug Fixes - -- Fix issue when matching format versions [[PR #1585](https://github.com/anchore/syft/pull/1585)] [[kzantow](https://github.com/kzantow)] -- Cataloger filtering cross matches wrong catalogers [[Issue #1573](https://github.com/anchore/syft/issues/1573)] [[PR #1582](https://github.com/anchore/syft/pull/1582)] [[wagoodman](https://github.com/wagoodman)] -- Python binary detected multiple times when only installed once [[Issue #1579](https://github.com/anchore/syft/issues/1579)] [[PR #1583](https://github.com/anchore/syft/pull/1583)] [[kzantow](https://github.com/kzantow)] +## [v0.73.0](https://github.com/anchore/syft/tree/v0.73.0) (2023-02-22) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.72.0...v0.73.0) + +## Added Features + +- Update SPDX license list to 3.20 [[PR #1600](https://github.com/anchore/syft/pull/1600)] [[vargenau](https://github.com/vargenau)] +- Catalog perl binary [[Issue #1587](https://github.com/anchore/syft/issues/1587)] [[PR #1592](https://github.com/anchore/syft/pull/1592)] [[noqcks](https://github.com/noqcks)] + +## Bug Fixes + +- Fix issue when matching format versions [[PR #1585](https://github.com/anchore/syft/pull/1585)] [[kzantow](https://github.com/kzantow)] +- Cataloger filtering cross matches wrong catalogers [[Issue #1573](https://github.com/anchore/syft/issues/1573)] [[PR 
#1582](https://github.com/anchore/syft/pull/1582)] [[wagoodman](https://github.com/wagoodman)] +- Python binary detected multiple times when only installed once [[Issue #1579](https://github.com/anchore/syft/issues/1579)] [[PR #1583](https://github.com/anchore/syft/pull/1583)] [[kzantow](https://github.com/kzantow)] - Encountering "cycle during symlink resolution" with syft version 0.71.0 onwards [[Issue #1586](https://github.com/anchore/syft/issues/1586)] diff --git a/content/docs/releases/syft/v0.74.0.md b/content/docs/releases/syft/v0.74.0.md index ca66fdde..e65f5057 100644 --- a/content/docs/releases/syft/v0.74.0.md +++ b/content/docs/releases/syft/v0.74.0.md 
@@ -11,28 +11,28 @@ description = "Release notes for syft v0.74.0" Version [v0.74.0](https://github.com/anchore/syft/releases/tag/v0.74.0) -## [(v0.74.0)](https://github.com/anchore/syft/tree/v0.74.0) (2023-03-02) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.73.0...v0.74.0) - -## Added Features - -- rust toolchain binary cataloger [[PR #1601](https://github.com/anchore/syft/pull/1601)] [[westonsteimel](https://github.com/westonsteimel)] -- Add support for SUPPORT_END in distro [[PR #1612](https://github.com/anchore/syft/pull/1612)] [[noqcks](https://github.com/noqcks)] -- Catalog haproxy binary [[Issue #1512](https://github.com/anchore/syft/issues/1512)] [[PR #1591](https://github.com/anchore/syft/pull/1591)] [[noqcks](https://github.com/noqcks)] -- Handle cataloger panics [[Issue #1624](https://github.com/anchore/syft/issues/1624)] [[PR #1636](https://github.com/anchore/syft/pull/1636)] [[kzantow](https://github.com/kzantow)] -- set cosign attest predicate type based on Syft output type [[PR #1598](https://github.com/anchore/syft/pull/1598)] [[Nirusu](https://github.com/Nirusu)] -- retain go package info when no module declared [[PR #1632](https://github.com/anchore/syft/pull/1632)] [[westonsteimel](https://github.com/westonsteimel)] - -## Bug Fixes - -- improve CPE generation for curl APK [[PR #1608](https://github.com/anchore/syft/pull/1608)] [[westonsteimel](https://github.com/westonsteimel)] -- determine upstream for apk version streams [[PR #1610](https://github.com/anchore/syft/pull/1610)] [[westonsteimel](https://github.com/westonsteimel)] -- decoding null apk metadata pullDependencies [[PR #1614](https://github.com/anchore/syft/pull/1614)] [[kzantow](https://github.com/kzantow)] -- correct apk purls for other distros [[PR #1620](https://github.com/anchore/syft/pull/1620)] [[westonsteimel](https://github.com/westonsteimel)] -- further improvements to CPE generation for apk packages [[PR #1623](https://github.com/anchore/syft/pull/1623)] 
[[westonsteimel](https://github.com/westonsteimel)] -- improved CPE-generation for several more APK packages [[PR #1631](https://github.com/anchore/syft/pull/1631)] [[westonsteimel](https://github.com/westonsteimel)] -- apk product/vendor generation for old metadata [[PR #1635](https://github.com/anchore/syft/pull/1635)] [[westonsteimel](https://github.com/westonsteimel)] -- Encountering "cycle during symlink resolution" with syft version 0.71.0 onwards [[Issue #1586](https://github.com/anchore/syft/issues/1586)] [[PR #1604](https://github.com/anchore/syft/pull/1604)] [[wagoodman](https://github.com/wagoodman)] -- syft erlang cataloger can segfault when analyzing an erlang project containing rebar.lock with nested deps [[Issue #1621](https://github.com/anchore/syft/issues/1621)] [[PR #1628](https://github.com/anchore/syft/pull/1628)] [[kzantow](https://github.com/kzantow)] +## [(v0.74.0)](https://github.com/anchore/syft/tree/v0.74.0) (2023-03-02) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.73.0...v0.74.0) + +## Added Features + +- rust toolchain binary cataloger [[PR #1601](https://github.com/anchore/syft/pull/1601)] [[westonsteimel](https://github.com/westonsteimel)] +- Add support for SUPPORT_END in distro [[PR #1612](https://github.com/anchore/syft/pull/1612)] [[noqcks](https://github.com/noqcks)] +- Catalog haproxy binary [[Issue #1512](https://github.com/anchore/syft/issues/1512)] [[PR #1591](https://github.com/anchore/syft/pull/1591)] [[noqcks](https://github.com/noqcks)] +- Handle cataloger panics [[Issue #1624](https://github.com/anchore/syft/issues/1624)] [[PR #1636](https://github.com/anchore/syft/pull/1636)] [[kzantow](https://github.com/kzantow)] +- set cosign attest predicate type based on Syft output type [[PR #1598](https://github.com/anchore/syft/pull/1598)] [[Nirusu](https://github.com/Nirusu)] +- retain go package info when no module declared [[PR #1632](https://github.com/anchore/syft/pull/1632)] 
[[westonsteimel](https://github.com/westonsteimel)] + +## Bug Fixes + +- improve CPE generation for curl APK [[PR #1608](https://github.com/anchore/syft/pull/1608)] [[westonsteimel](https://github.com/westonsteimel)] +- determine upstream for apk version streams [[PR #1610](https://github.com/anchore/syft/pull/1610)] [[westonsteimel](https://github.com/westonsteimel)] +- decoding null apk metadata pullDependencies [[PR #1614](https://github.com/anchore/syft/pull/1614)] [[kzantow](https://github.com/kzantow)] +- correct apk purls for other distros [[PR #1620](https://github.com/anchore/syft/pull/1620)] [[westonsteimel](https://github.com/westonsteimel)] +- further improvements to CPE generation for apk packages [[PR #1623](https://github.com/anchore/syft/pull/1623)] [[westonsteimel](https://github.com/westonsteimel)] +- improved CPE-generation for several more APK packages [[PR #1631](https://github.com/anchore/syft/pull/1631)] [[westonsteimel](https://github.com/westonsteimel)] +- apk product/vendor generation for old metadata [[PR #1635](https://github.com/anchore/syft/pull/1635)] [[westonsteimel](https://github.com/westonsteimel)] +- Encountering "cycle during symlink resolution" with syft version 0.71.0 onwards [[Issue #1586](https://github.com/anchore/syft/issues/1586)] [[PR #1604](https://github.com/anchore/syft/pull/1604)] [[wagoodman](https://github.com/wagoodman)] +- syft erlang cataloger can segfault when analyzing an erlang project containing rebar.lock with nested deps [[Issue #1621](https://github.com/anchore/syft/issues/1621)] [[PR #1628](https://github.com/anchore/syft/pull/1628)] [[kzantow](https://github.com/kzantow)] - Go tests detecting race cataloging packages [[Issue #1633](https://github.com/anchore/syft/issues/1633)] [[PR #1639](https://github.com/anchore/syft/pull/1639)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.74.1.md b/content/docs/releases/syft/v0.74.1.md index 20342f10..189cd6e9 100644 
--- a/content/docs/releases/syft/v0.74.1.md +++ b/content/docs/releases/syft/v0.74.1.md 
@@ -11,15 +11,15 @@ description = "Release notes for syft v0.74.1" Version [v0.74.1](https://github.com/anchore/syft/releases/tag/v0.74.1) -## [v0.74.1](https://github.com/anchore/syft/tree/v0.74.1) (2023-03-09) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.74.0...v0.74.1) - -## Bug Fixes - -- purl for apk packages missing when installed db file is not in root [[Issue #1572](https://github.com/anchore/syft/issues/1572)] [[PR #1615](https://github.com/anchore/syft/pull/1615)] [[deitch](https://github.com/deitch)] -- invalid package url type: dotnet [[Issue #1622](https://github.com/anchore/syft/issues/1622)] [[PR #1649](https://github.com/anchore/syft/pull/1649)] [[kzantow](https://github.com/kzantow)] -- Go tests detecting race cataloging packages [[Issue #1633](https://github.com/anchore/syft/issues/1633)] [[PR #1639](https://github.com/anchore/syft/pull/1639)] [[kzantow](https://github.com/kzantow)] -- Improve Python binary scanning [[Issue #1643](https://github.com/anchore/syft/issues/1643)] [[PR #1648](https://github.com/anchore/syft/pull/1648)] [[kzantow](https://github.com/kzantow)] -- Update haproxy binary matcher [[Issue #1646](https://github.com/anchore/syft/issues/1646)] [[PR #1648](https://github.com/anchore/syft/pull/1648)] [[kzantow](https://github.com/kzantow)] +## [v0.74.1](https://github.com/anchore/syft/tree/v0.74.1) (2023-03-09) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.74.0...v0.74.1) + +## Bug Fixes + +- purl for apk packages missing when installed db file is not in root [[Issue #1572](https://github.com/anchore/syft/issues/1572)] [[PR #1615](https://github.com/anchore/syft/pull/1615)] [[deitch](https://github.com/deitch)] +- invalid package url type: dotnet [[Issue #1622](https://github.com/anchore/syft/issues/1622)] [[PR #1649](https://github.com/anchore/syft/pull/1649)] [[kzantow](https://github.com/kzantow)] +- Go tests detecting race cataloging packages [[Issue 
#1633](https://github.com/anchore/syft/issues/1633)] [[PR #1639](https://github.com/anchore/syft/pull/1639)] [[kzantow](https://github.com/kzantow)] +- Improve Python binary scanning [[Issue #1643](https://github.com/anchore/syft/issues/1643)] [[PR #1648](https://github.com/anchore/syft/pull/1648)] [[kzantow](https://github.com/kzantow)] +- Update haproxy binary matcher [[Issue #1646](https://github.com/anchore/syft/issues/1646)] [[PR #1648](https://github.com/anchore/syft/pull/1648)] [[kzantow](https://github.com/kzantow)] - SPDX tag-value SBOM value format is incorrect for LicenseID [[Issue #1651](https://github.com/anchore/syft/issues/1651)] [[PR #1657](https://github.com/anchore/syft/pull/1657)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.75.0.md b/content/docs/releases/syft/v0.75.0.md index 98475ecd..ed63d99b 100644 --- a/content/docs/releases/syft/v0.75.0.md +++ b/content/docs/releases/syft/v0.75.0.md @@ -11,14 +11,14 @@ description = "Release notes for syft v0.75.0" Version [v0.75.0](https://github.com/anchore/syft/releases/tag/v0.75.0) -## [v0.75.0](https://github.com/anchore/syft/tree/v0.75.0) (2023-03-13) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.74.1...v0.75.0) - -## Added Features - -- Catalog ruby binary [[Issue #1650](https://github.com/anchore/syft/issues/1650)] [[PR #1665](https://github.com/anchore/syft/pull/1665)] [[witchcraze](https://github.com/witchcraze)] - -## Bug Fixes - +## [v0.75.0](https://github.com/anchore/syft/tree/v0.75.0) (2023-03-13) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.74.1...v0.75.0) + +## Added Features + +- Catalog ruby binary [[Issue #1650](https://github.com/anchore/syft/issues/1650)] [[PR #1665](https://github.com/anchore/syft/pull/1665)] [[witchcraze](https://github.com/witchcraze)] + +## Bug Fixes + - more python matching support [[PR #1667](https://github.com/anchore/syft/pull/1667)] [[kzantow](https://github.com/kzantow)] 
diff --git a/content/docs/releases/syft/v0.76.0.md b/content/docs/releases/syft/v0.76.0.md index 007abb03..d1113b1f 100644 --- a/content/docs/releases/syft/v0.76.0.md +++ b/content/docs/releases/syft/v0.76.0.md 
@@ -11,31 +11,31 @@ description = "Release notes for syft v0.76.0" Version [v0.76.0](https://github.com/anchore/syft/releases/tag/v0.76.0) -## [v0.76.0](https://github.com/anchore/syft/tree/v0.76.0) (2023-03-31) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.75.0...v0.76.0) - -## Added Features - -- Scan local go mod licenses for golang packages [[PR #1645](https://github.com/anchore/syft/pull/1645)] [[deitch](https://github.com/deitch)] -- update and clean license list generation to return more SPDXID for more inputs [[PR #1691](https://github.com/anchore/syft/pull/1691)] [[spiffcs](https://github.com/spiffcs)] -- argocd binary classifier [[Issue #1606](https://github.com/anchore/syft/issues/1606)] [[PR #1663](https://github.com/anchore/syft/pull/1663)] [[y12studio](https://github.com/y12studio)] -- Add config option to allow user to select the default image source location [[Issue #1703](https://github.com/anchore/syft/pull/1703)] [[spiffcs](https://github.com/spiffcs)] - -## Bug Fixes - -- Defer closing the opened file when using FileScheme [[PR #1668](https://github.com/anchore/syft/pull/1668)] [[Noxsios](https://github.com/Noxsios)] -- fix: remove author contributing to javascript CPEs [[PR #1669](https://github.com/anchore/syft/pull/1669)] [[kzantow](https://github.com/kzantow)] -- fix: reduce logging for bad dpkg lines [[PR #1675](https://github.com/anchore/syft/pull/1675)] [[kzantow](https://github.com/kzantow)] -- Broken shell completion - Bash [[Issue #962](https://github.com/anchore/syft/issues/962)] [[PR #1688](https://github.com/anchore/syft/pull/1688)] [[DanHam](https://github.com/DanHam)] -- syft produces different output when run with sudo [[Issue #1391](https://github.com/anchore/syft/issues/1391)] [[PR #1693](https://github.com/anchore/syft/pull/1693)] [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] -- some binary ruby are not detected [[Issue 
#1677](https://github.com/anchore/syft/issues/1677)] [[PR #1678](https://github.com/anchore/syft/pull/1678)] [[witchcraze](https://github.com/witchcraze)] -- Documentation says that output is SPDX 2.2 [[Issue #1679](https://github.com/anchore/syft/issues/1679)] [[PR #1680](https://github.com/anchore/syft/pull/1680)] [[vargenau](https://github.com/vargenau)] -- fix: move defer after error to protect panic case [[PR #1670](https://github.com/anchore/syft/pull/1670)] [[spiffcs](https://github.com/spiffcs)] - -## Additional Changes - -- Deprecate config.yaml as valid config source; Add unit regression for correct config paths [[PR #1640](https://github.com/anchore/syft/pull/1640)] [[AidanDelaney](https://github.com/AidanDelaney)] -- Remove more side effects from application config testing [[PR #1684](https://github.com/anchore/syft/pull/1684)] [[wagoodman](https://github.com/wagoodman)] -- chore: tweak some workflow text [[PR #1685](https://github.com/anchore/syft/pull/1685)] [[kzantow](https://github.com/kzantow)] +## [v0.76.0](https://github.com/anchore/syft/tree/v0.76.0) (2023-03-31) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.75.0...v0.76.0) + +## Added Features + +- Scan local go mod licenses for golang packages [[PR #1645](https://github.com/anchore/syft/pull/1645)] [[deitch](https://github.com/deitch)] +- update and clean license list generation to return more SPDXID for more inputs [[PR #1691](https://github.com/anchore/syft/pull/1691)] [[spiffcs](https://github.com/spiffcs)] +- argocd binary classifier [[Issue #1606](https://github.com/anchore/syft/issues/1606)] [[PR #1663](https://github.com/anchore/syft/pull/1663)] [[y12studio](https://github.com/y12studio)] +- Add config option to allow user to select the default image source location [[Issue #1703](https://github.com/anchore/syft/pull/1703)] [[spiffcs](https://github.com/spiffcs)] + +## Bug Fixes + +- Defer closing the opened file when using FileScheme [[PR 
#1668](https://github.com/anchore/syft/pull/1668)] [[Noxsios](https://github.com/Noxsios)] +- fix: remove author contributing to javascript CPEs [[PR #1669](https://github.com/anchore/syft/pull/1669)] [[kzantow](https://github.com/kzantow)] +- fix: reduce logging for bad dpkg lines [[PR #1675](https://github.com/anchore/syft/pull/1675)] [[kzantow](https://github.com/kzantow)] +- Broken shell completion - Bash [[Issue #962](https://github.com/anchore/syft/issues/962)] [[PR #1688](https://github.com/anchore/syft/pull/1688)] [[DanHam](https://github.com/DanHam)] +- syft produces different output when run with sudo [[Issue #1391](https://github.com/anchore/syft/issues/1391)] [[PR #1693](https://github.com/anchore/syft/pull/1693)] [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] +- some binary ruby are not detected [[Issue #1677](https://github.com/anchore/syft/issues/1677)] [[PR #1678](https://github.com/anchore/syft/pull/1678)] [[witchcraze](https://github.com/witchcraze)] +- Documentation says that output is SPDX 2.2 [[Issue #1679](https://github.com/anchore/syft/issues/1679)] [[PR #1680](https://github.com/anchore/syft/pull/1680)] [[vargenau](https://github.com/vargenau)] +- fix: move defer after error to protect panic case [[PR #1670](https://github.com/anchore/syft/pull/1670)] [[spiffcs](https://github.com/spiffcs)] + +## Additional Changes + +- Deprecate config.yaml as valid config source; Add unit regression for correct config paths [[PR #1640](https://github.com/anchore/syft/pull/1640)] [[AidanDelaney](https://github.com/AidanDelaney)] +- Remove more side effects from application config testing [[PR #1684](https://github.com/anchore/syft/pull/1684)] [[wagoodman](https://github.com/wagoodman)] +- chore: tweak some workflow text [[PR #1685](https://github.com/anchore/syft/pull/1685)] [[kzantow](https://github.com/kzantow)] - chore: fix flaky license sorting [[PR #1690](https://github.com/anchore/syft/pull/1690)] 
[[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.76.1.md b/content/docs/releases/syft/v0.76.1.md index 60ba2c58..786b65a6 100644 --- a/content/docs/releases/syft/v0.76.1.md +++ b/content/docs/releases/syft/v0.76.1.md @@ -11,11 +11,11 @@ description = "Release notes for syft v0.76.1" Version [v0.76.1](https://github.com/anchore/syft/releases/tag/v0.76.1) -## [v0.76.1](https://github.com/anchore/syft/tree/v0.76.1) (2023-04-05) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.76.0...v0.76.1) - -## Added Features - -- Capture file ownership relationships from portage ecosystem [[PR #1702](https://github.com/anchore/syft/pull/1702)] [[wagoodman](https://github.com/wagoodman)] +## [v0.76.1](https://github.com/anchore/syft/tree/v0.76.1) (2023-04-05) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.76.0...v0.76.1) + +## Added Features + +- Capture file ownership relationships from portage ecosystem [[PR #1702](https://github.com/anchore/syft/pull/1702)] [[wagoodman](https://github.com/wagoodman)] - Add Nix Cataloger [[Issue #462](https://github.com/anchore/syft/issues/462)] [[PR #1107](https://github.com/anchore/syft/pull/1107)] [[juliosueiras](https://github.com/juliosueiras)] [[PR #1696](https://github.com/anchore/syft/pull/1696)] [[wagoodman](https://github.com/wagoodman)] [[flokli](https://github.com/flokli)] diff --git a/content/docs/releases/syft/v0.77.0.md b/content/docs/releases/syft/v0.77.0.md index 73f6e61c..3fa63cce 100644 --- a/content/docs/releases/syft/v0.77.0.md +++ b/content/docs/releases/syft/v0.77.0.md 
@@ -11,11 +11,11 @@ description = "Release notes for syft v0.77.0" Version [v0.77.0](https://github.com/anchore/syft/releases/tag/v0.77.0) -## [v0.77.0](https://github.com/anchore/syft/tree/v0.77.0) (2023-04-11) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.76.1...v0.77.0) - -## Added Features - -- feat: gradle lockfile support [[PR #1719](https://github.com/anchore/syft/pull/1719)] [[henrysachs](https://github.com/henrysachs)] -- feat: support for java "nar" files [[PR #1727](https://github.com/anchore/syft/pull/1727)] [[Shanedell](https://github.com/Shanedell)] +## [v0.77.0](https://github.com/anchore/syft/tree/v0.77.0) (2023-04-11) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.76.1...v0.77.0) + +## Added Features + +- feat: gradle lockfile support [[PR #1719](https://github.com/anchore/syft/pull/1719)] [[henrysachs](https://github.com/henrysachs)] +- feat: support for java "nar" files [[PR #1727](https://github.com/anchore/syft/pull/1727)] [[Shanedell](https://github.com/Shanedell)] diff --git a/content/docs/releases/syft/v0.78.0.md b/content/docs/releases/syft/v0.78.0.md index e1f4e7af..feeaeafc 100644 --- a/content/docs/releases/syft/v0.78.0.md +++ b/content/docs/releases/syft/v0.78.0.md 
@@ -11,17 +11,17 @@ description = "Release notes for syft v0.78.0" Version [v0.78.0](https://github.com/anchore/syft/releases/tag/v0.78.0) -## [v0.78.0](https://github.com/anchore/syft/tree/v0.78.0) (2023-04-17) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.77.0...v0.78.0) - -## Added Features - -- Add Linux Kernel cataloger [[PR #1694](https://github.com/anchore/syft/pull/1694)] [[deitch](https://github.com/deitch) & [wagoodman](https://github.com/wagoodman)] -- Support scanning license files in golang packages over the network [[Issue #1056](https://github.com/anchore/syft/issues/1056)] [[PR #1630](https://github.com/anchore/syft/pull/1630)] [[deitch](https://github.com/deitch) & [kzantow](https://github.com/kzantow)] -- Add consul binary classifier [[Issue #1590](https://github.com/anchore/syft/issues/1590)] [[PR #1738](https://github.com/anchore/syft/pull/1738)] [[Shanedell](https://github.com/Shanedell)] -- Add annotations for evidence on package locations [[PR #1723](https://github.com/anchore/syft/pull/1723)] [[wagoodman](https://github.com/wagoodman)] - -## Bug Fixes - +## [v0.78.0](https://github.com/anchore/syft/tree/v0.78.0) (2023-04-17) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.77.0...v0.78.0) + +## Added Features + +- Add Linux Kernel cataloger [[PR #1694](https://github.com/anchore/syft/pull/1694)] [[deitch](https://github.com/deitch) & [wagoodman](https://github.com/wagoodman)] +- Support scanning license files in golang packages over the network [[Issue #1056](https://github.com/anchore/syft/issues/1056)] [[PR #1630](https://github.com/anchore/syft/pull/1630)] [[deitch](https://github.com/deitch) & [kzantow](https://github.com/kzantow)] +- Add consul binary classifier [[Issue #1590](https://github.com/anchore/syft/issues/1590)] [[PR #1738](https://github.com/anchore/syft/pull/1738)] [[Shanedell](https://github.com/Shanedell)] +- Add annotations for evidence on package locations [[PR 
#1723](https://github.com/anchore/syft/pull/1723)] [[wagoodman](https://github.com/wagoodman)] + +## Bug Fixes + - Decoding of the syft-json format does not handle files [[Issue #1534](https://github.com/anchore/syft/issues/1534)] [[PR #1698](https://github.com/anchore/syft/pull/1698)] [[wagoodman](https://github.com/wagoodman)] diff --git a/content/docs/releases/syft/v0.79.0.md b/content/docs/releases/syft/v0.79.0.md index 826ac5e8..1da4c6ee 100644 --- a/content/docs/releases/syft/v0.79.0.md +++ b/content/docs/releases/syft/v0.79.0.md 
@@ -11,19 +11,19 @@ description = "Release notes for syft v0.79.0" Version [v0.79.0](https://github.com/anchore/syft/releases/tag/v0.79.0) -## [v0.79.0](https://github.com/anchore/syft/tree/v0.79.0) (2023-04-21) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.78.0...v0.79.0) - -## Added Features - -- Add ALPM Metadata to CYCLONEDX and SPDX output formats [[Issue #1037](https://github.com/anchore/syft/issues/1037)] [[PR #1747](https://github.com/anchore/syft/pull/1747)] [[Shanedell](https://github.com/Shanedell)] -- consul binary classifier [[Issue #1590](https://github.com/anchore/syft/issues/1590)] [[PR #1738](https://github.com/anchore/syft/pull/1738)] [[Shanedell](https://github.com/Shanedell)] - -## Bug Fixes - -- Syft missing direct dependencies from the gemfile.lock [[Issue #1660](https://github.com/anchore/syft/issues/1660)] [[PR #1749](https://github.com/anchore/syft/pull/1749)] [[Shanedell](https://github.com/Shanedell)] - -## Additional Changes - +## [v0.79.0](https://github.com/anchore/syft/tree/v0.79.0) (2023-04-21) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.78.0...v0.79.0) + +## Added Features + +- Add ALPM Metadata to CYCLONEDX and SPDX output formats [[Issue #1037](https://github.com/anchore/syft/issues/1037)] [[PR #1747](https://github.com/anchore/syft/pull/1747)] [[Shanedell](https://github.com/Shanedell)] +- consul binary classifier [[Issue #1590](https://github.com/anchore/syft/issues/1590)] [[PR #1738](https://github.com/anchore/syft/pull/1738)] [[Shanedell](https://github.com/Shanedell)] + +## Bug Fixes + +- Syft missing direct dependencies from the gemfile.lock [[Issue #1660](https://github.com/anchore/syft/issues/1660)] [[PR #1749](https://github.com/anchore/syft/pull/1749)] [[Shanedell](https://github.com/Shanedell)] + +## Additional Changes + - chore: bump stereoscope to latest version [[PR #1741](https://github.com/anchore/syft/pull/1741)] [[westonsteimel](https://github.com/westonsteimel)] 
diff --git a/content/docs/releases/syft/v0.8.0.md b/content/docs/releases/syft/v0.8.0.md index 18a44971..8211c4ec 100644 --- a/content/docs/releases/syft/v0.8.0.md +++ b/content/docs/releases/syft/v0.8.0.md @@ -11,19 +11,17 @@ description = "Release notes for syft v0.8.0" Version [v0.8.0](https://github.com/anchore/syft/releases/tag/v0.8.0) -## [v0.8.0](https://github.com/anchore/syft/tree/v0.8.0) (2020-11-17) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.7.1...v0.8.0) - -**Enhancements:** - -- Add JSON document import [\#266](https://github.com/anchore/syft/pull/266) - -**Fixed bugs:** - -- Incorrect version parsing from certain java package names in syft 5.0 and newer [\#255](https://github.com/anchore/syft/issues/255) -- Unable to parse license field for certain npm dependencies [\#253](https://github.com/anchore/syft/issues/253) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.8.0](https://github.com/anchore/syft/tree/v0.8.0) (2020-11-17) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.7.1...v0.8.0) + +**Enhancements:** + +- Add JSON document import [\#266](https://github.com/anchore/syft/pull/266) + +**Fixed bugs:** + +- Incorrect version parsing from certain java package names in syft 5.0 and newer [\#255](https://github.com/anchore/syft/issues/255) +- Unable to parse license field for certain npm dependencies [\#253](https://github.com/anchore/syft/issues/253) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.80.0.md b/content/docs/releases/syft/v0.80.0.md index 296ac20e..2c83e714 100644 --- a/content/docs/releases/syft/v0.80.0.md +++ b/content/docs/releases/syft/v0.80.0.md 
@@ -25,7 +25,7 @@ Version [v0.80.0](https://github.com/anchore/syft/releases/tag/v0.80.0) - chore: do not HTML escape PackageURLs [[PR #1782](https://github.com/anchore/syft/pull/1782)] [[kzantow](https://github.com/kzantow)] - RPM database not found on ostree-managed systems [[Issue #1755](https://github.com/anchore/syft/issues/1755)] [[PR #1756](https://github.com/anchore/syft/pull/1756)] [[fpytloun](https://github.com/fpytloun)] - Unable to use syft for private azure container registry [[Issue #1777](https://github.com/anchore/syft/issues/1777)] -- linux-kernel-cataloger produces thousands of version-less components. [[Issue #1781](https://github.com/anchore/syft/issues/1781)] [[PR #1784](https://github.com/anchore/syft/pull/1784)] [[kzantow](https://github.com/kzantow)] +- linux-kernel-cataloger produces thousands of version-less components. [[Issue #1781](https://github.com/anchore/syft/issues/1781)] [[PR #1784](https://github.com/anchore/syft/pull/1784)] [[kzantow](https://github.com/kzantow)] ## Deprecated Features diff --git a/content/docs/releases/syft/v0.81.0.md b/content/docs/releases/syft/v0.81.0.md index 99fde2e0..f7183984 100644 --- a/content/docs/releases/syft/v0.81.0.md +++ b/content/docs/releases/syft/v0.81.0.md 
@@ -11,25 +11,25 @@ description = "Release notes for syft v0.81.0" Version [v0.81.0](https://github.com/anchore/syft/releases/tag/v0.81.0) -## [v0.81.0](https://github.com/anchore/syft/tree/v0.81.0) (2023-05-22) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.80.0...v0.81.0) - -## Added Features - -- Support cataloging R packages [[Issue #730](https://github.com/anchore/syft/issues/730)] [[PR #1790](https://github.com/anchore/syft/pull/1790)] [[willmurphyscode](https://github.com/willmurphyscode)] -- Support describing license properties and SPDX expression assertions [[Issue #1577](https://github.com/anchore/syft/issues/1577)] [[PR #1743](https://github.com/anchore/syft/pull/1743)] [[spiffcs](https://github.com/spiffcs)] -- Warn if parsing a newer SBOM [[PR #1810](https://github.com/anchore/syft/pull/1810)] [[willmurphyscode](https://github.com/willmurphyscode)] - -## Bug Fixes - -- Retain cataloged SBOM relationships [[PR #1509](https://github.com/anchore/syft/pull/1509)] [[houdini91](https://github.com/houdini91)] -- fix: update field plurality of 8.0.0 schema before release [[PR #1820](https://github.com/anchore/syft/pull/1820)] [[spiffcs](https://github.com/spiffcs)] -- fix: remove spurious warnings - unknown relationship type: evident-by form-lib=syft [[Issue #1812](https://github.com/anchore/syft/issues/1812)] [[PR #1797](https://github.com/anchore/syft/pull/1797)] [[willmurphyscode](https://github.com/willmurphyscode)] -- CycloneDX Dependencies Relationships Inverted [[Issue #1815](https://github.com/anchore/syft/issues/1815)] [[PR #1816](https://github.com/anchore/syft/pull/1816)] [[shanealv](https://github.com/shanealv)] -- Alpine: license expression should be complete and not parsed out [[Issue #1817](https://github.com/anchore/syft/issues/1817)] [[PR #1819](https://github.com/anchore/syft/pull/1819)] [[spiffcs](https://github.com/spiffcs)] - -## Additional Changes - -- Print package list when extra packages found [[PR 
#1791](https://github.com/anchore/syft/pull/1791)] [[willmurphyscode](https://github.com/willmurphyscode)] +## [v0.81.0](https://github.com/anchore/syft/tree/v0.81.0) (2023-05-22) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.80.0...v0.81.0) + +## Added Features + +- Support cataloging R packages [[Issue #730](https://github.com/anchore/syft/issues/730)] [[PR #1790](https://github.com/anchore/syft/pull/1790)] [[willmurphyscode](https://github.com/willmurphyscode)] +- Support describing license properties and SPDX expression assertions [[Issue #1577](https://github.com/anchore/syft/issues/1577)] [[PR #1743](https://github.com/anchore/syft/pull/1743)] [[spiffcs](https://github.com/spiffcs)] +- Warn if parsing a newer SBOM [[PR #1810](https://github.com/anchore/syft/pull/1810)] [[willmurphyscode](https://github.com/willmurphyscode)] + +## Bug Fixes + +- Retain cataloged SBOM relationships [[PR #1509](https://github.com/anchore/syft/pull/1509)] [[houdini91](https://github.com/houdini91)] +- fix: update field plurality of 8.0.0 schema before release [[PR #1820](https://github.com/anchore/syft/pull/1820)] [[spiffcs](https://github.com/spiffcs)] +- fix: remove spurious warnings - unknown relationship type: evident-by form-lib=syft [[Issue #1812](https://github.com/anchore/syft/issues/1812)] [[PR #1797](https://github.com/anchore/syft/pull/1797)] [[willmurphyscode](https://github.com/willmurphyscode)] +- CycloneDX Dependencies Relationships Inverted [[Issue #1815](https://github.com/anchore/syft/issues/1815)] [[PR #1816](https://github.com/anchore/syft/pull/1816)] [[shanealv](https://github.com/shanealv)] +- Alpine: license expression should be complete and not parsed out [[Issue #1817](https://github.com/anchore/syft/issues/1817)] [[PR #1819](https://github.com/anchore/syft/pull/1819)] [[spiffcs](https://github.com/spiffcs)] + +## Additional Changes + +- Print package list when extra packages found [[PR #1791](https://github.com/anchore/syft/pull/1791)] 
[[willmurphyscode](https://github.com/willmurphyscode)] - update cosign to v2 release (different go module) [[PR #1805](https://github.com/anchore/syft/pull/1805)] [[bobcallaway](https://github.com/bobcallaway)] diff --git a/content/docs/releases/syft/v0.82.0.md b/content/docs/releases/syft/v0.82.0.md index ef73d789..9314a758 100644 --- a/content/docs/releases/syft/v0.82.0.md +++ b/content/docs/releases/syft/v0.82.0.md 
@@ -11,15 +11,16 @@ description = "Release notes for syft v0.82.0" Version [v0.82.0](https://github.com/anchore/syft/releases/tag/v0.82.0) -## [v0.82.0](https://github.com/anchore/syft/tree/v0.82.0) (2023-05-23) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.81.0...v0.82.0) - -## Added Features - -- Improve Go main module version detection by attempting to parse available ldflags [[Issue #1785](https://github.com/anchore/syft/issues/1785)] [[PR #1832](https://github.com/anchore/syft/pull/1832)] [[wagoodman](https://github.com/wagoodman)] - -## Bug Fixes -- Fix a problem in the license parsing logic that may result in a panic [[PR #1839](https://github.com/anchore/syft/pull/1839)] -- Return all relevant error messages if an image retrieval fails when a scheme is specified [[PR #1801](https://github.com/anchore/syft/pull/1801)] [[FrimIdan](https://github.com/FrimIdan)] +## [v0.82.0](https://github.com/anchore/syft/tree/v0.82.0) (2023-05-23) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.81.0...v0.82.0) + +## Added Features + +- Improve Go main module version detection by attempting to parse available ldflags [[Issue #1785](https://github.com/anchore/syft/issues/1785)] [[PR #1832](https://github.com/anchore/syft/pull/1832)] [[wagoodman](https://github.com/wagoodman)] + +## Bug Fixes + +- Fix a problem in the license parsing logic that may result in a panic [[PR #1839](https://github.com/anchore/syft/pull/1839)] +- Return all relevant error messages if an image retrieval fails when a scheme is specified [[PR #1801](https://github.com/anchore/syft/pull/1801)] [[FrimIdan](https://github.com/FrimIdan)] - Fix a problem with PNPM scanning where v6 lockfiles might result in duplicated packages [[Issue #1762](https://github.com/anchore/syft/issues/1762)] [[PR #1778](https://github.com/anchore/syft/pull/1778)] [[kzantow](https://github.com/kzantow)] 
diff --git a/content/docs/releases/syft/v0.83.0.md b/content/docs/releases/syft/v0.83.0.md index 620848c6..ee08871d 100644 --- a/content/docs/releases/syft/v0.83.0.md +++ b/content/docs/releases/syft/v0.83.0.md 
@@ -11,26 +11,26 @@ description = "Release notes for syft v0.83.0" Version [v0.83.0](https://github.com/anchore/syft/releases/tag/v0.83.0) -## [v0.83.0](https://github.com/anchore/syft/tree/v0.83.0) (2023-06-05) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.82.0...v0.83.0) - -## Added Features - -- Add new '--source-version' and '--source-name' options to set the name and version of the target being analyzed for reference in resulting syft-json format SBOMs (more formats will support these flags soon). [[Issue #1399](https://github.com/anchore/syft/issues/1399)] [[PR #1859](https://github.com/anchore/syft/pull/1859)] [[kzantow](https://github.com/kzantow)] -- Add scope to POM properties [[PR #1779](https://github.com/anchore/syft/pull/1779)] [[jneate](https://github.com/jneate)] -- Accept main.version ldflags even without vcs [[PR #1855](https://github.com/anchore/syft/pull/1855)] [[deitch](https://github.com/deitch)] - -## Bug Fixes - -- Fix directory resolver to consider CWD and root path input correctly [[PR #1840](https://github.com/anchore/syft/pull/1840)] [[wagoodman](https://github.com/wagoodman)] -- Show all error messages if there is a failure retrieving an image with a specified scheme [[Issue #1569](https://github.com/anchore/syft/issues/1569)] [[PR #1801](https://github.com/anchore/syft/pull/1801)] [[FrimIdan](https://github.com/FrimIdan)] -- v0.81.0 crashing parsing some images [[Issue #1837](https://github.com/anchore/syft/issues/1837)] [[PR #1839](https://github.com/anchore/syft/pull/1839)] [[spiffcs](https://github.com/spiffcs)] - -## Deprecated Features - -- Migrate location-related structs to the file package [[PR #1751](https://github.com/anchore/syft/pull/1751)] [[wagoodman](https://github.com/wagoodman)] - -## Additional Changes - +## [v0.83.0](https://github.com/anchore/syft/tree/v0.83.0) (2023-06-05) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.82.0...v0.83.0) + +## Added Features + +- Add new 
'--source-version' and '--source-name' options to set the name and version of the target being analyzed for reference in resulting syft-json format SBOMs (more formats will support these flags soon). [[Issue #1399](https://github.com/anchore/syft/issues/1399)] [[PR #1859](https://github.com/anchore/syft/pull/1859)] [[kzantow](https://github.com/kzantow)] +- Add scope to POM properties [[PR #1779](https://github.com/anchore/syft/pull/1779)] [[jneate](https://github.com/jneate)] +- Accept main.version ldflags even without vcs [[PR #1855](https://github.com/anchore/syft/pull/1855)] [[deitch](https://github.com/deitch)] + +## Bug Fixes + +- Fix directory resolver to consider CWD and root path input correctly [[PR #1840](https://github.com/anchore/syft/pull/1840)] [[wagoodman](https://github.com/wagoodman)] +- Show all error messages if there is a failure retrieving an image with a specified scheme [[Issue #1569](https://github.com/anchore/syft/issues/1569)] [[PR #1801](https://github.com/anchore/syft/pull/1801)] [[FrimIdan](https://github.com/FrimIdan)] +- v0.81.0 crashing parsing some images [[Issue #1837](https://github.com/anchore/syft/issues/1837)] [[PR #1839](https://github.com/anchore/syft/pull/1839)] [[spiffcs](https://github.com/spiffcs)] + +## Deprecated Features + +- Migrate location-related structs to the file package [[PR #1751](https://github.com/anchore/syft/pull/1751)] [[wagoodman](https://github.com/wagoodman)] + +## Additional Changes + - chore: code cleanup [[PR #1865](https://github.com/anchore/syft/pull/1865)] [[spiffcs](https://github.com/spiffcs)] diff --git a/content/docs/releases/syft/v0.83.1.md b/content/docs/releases/syft/v0.83.1.md index d0a230e5..648b77cf 100644 --- a/content/docs/releases/syft/v0.83.1.md +++ b/content/docs/releases/syft/v0.83.1.md 
@@ -11,12 +11,12 @@ description = "Release notes for syft v0.83.1" Version [v0.83.1](https://github.com/anchore/syft/releases/tag/v0.83.1) -## [v0.83.1](https://github.com/anchore/syft/tree/v0.83.1) (2023-06-14) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.83.0...v0.83.1) - -## Bug Fixes - -- fix: pom properties not setting artifact id [[PR #1870](https://github.com/anchore/syft/pull/1870)] [[jneate](https://github.com/jneate)] -- fix(deps): pull in platform selection fix from stereoscope [[PR #1871](https://github.com/anchore/syft/pull/1871)] [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - pulling in an image with a digest that does not match the platform and architecture of the host no longer fails with an error, see https://github.com/anchore/stereoscope/issues/188 +## [v0.83.1](https://github.com/anchore/syft/tree/v0.83.1) (2023-06-14) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.83.0...v0.83.1) + +## Bug Fixes + +- fix: pom properties not setting artifact id [[PR #1870](https://github.com/anchore/syft/pull/1870)] [[jneate](https://github.com/jneate)] +- fix(deps): pull in platform selection fix from stereoscope [[PR #1871](https://github.com/anchore/syft/pull/1871)] [[anchore-actions-token-generator](https://github.com/anchore-actions-token-generator)] - pulling in an image with a digest that does not match the platform and architecture of the host no longer fails with an error, see https://github.com/anchore/stereoscope/issues/188 - symlinks within a scanned directory tree are parsed outside the tree, failing if target does not exist [[Issue #1860](https://github.com/anchore/syft/issues/1860)] [[PR #1861](https://github.com/anchore/syft/pull/1861)] [[deitch](https://github.com/deitch)] diff --git a/content/docs/releases/syft/v0.84.1.md b/content/docs/releases/syft/v0.84.1.md index 98121f91..8b941aaf 100644 --- a/content/docs/releases/syft/v0.84.1.md 
+++ b/content/docs/releases/syft/v0.84.1.md 
@@ -11,17 +11,17 @@ description = "Release notes for syft v0.84.1" Version [v0.84.1](https://github.com/anchore/syft/releases/tag/v0.84.1) -## [v0.84.1](https://github.com/anchore/syft/tree/v0.84.1) (2023-06-29) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.84.0...v0.84.1) - -## Bug Fixes - -- Fix version detection in Java archive name parsing [[PR #1889](https://github.com/anchore/syft/pull/1889)] [[luhring](https://github.com/luhring)] -- Improve support for Dart SDK package dependency lockfiles [[PR #1891](https://github.com/anchore/syft/pull/1891)] [[rufman](https://github.com/rufman)] -- Fix license output for some CycloneDX JSON SBOMs [[Issue #1877](https://github.com/anchore/syft/issues/1877)] [[PR #1879](https://github.com/anchore/syft/pull/1879)] [[kzantow](https://github.com/kzantow)] -- Correctly discover Debian file relationships in distroless images [[Issue #1900](https://github.com/anchore/syft/issues/1900)] [[PR #1901](https://github.com/anchore/syft/pull/1901)] [[westonsteimel](https://github.com/westonsteimel)] - -## Additional Changes - +## [v0.84.1](https://github.com/anchore/syft/tree/v0.84.1) (2023-06-29) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.84.0...v0.84.1) + +## Bug Fixes + +- Fix version detection in Java archive name parsing [[PR #1889](https://github.com/anchore/syft/pull/1889)] [[luhring](https://github.com/luhring)] +- Improve support for Dart SDK package dependency lockfiles [[PR #1891](https://github.com/anchore/syft/pull/1891)] [[rufman](https://github.com/rufman)] +- Fix license output for some CycloneDX JSON SBOMs [[Issue #1877](https://github.com/anchore/syft/issues/1877)] [[PR #1879](https://github.com/anchore/syft/pull/1879)] [[kzantow](https://github.com/kzantow)] +- Correctly discover Debian file relationships in distroless images [[Issue #1900](https://github.com/anchore/syft/issues/1900)] [[PR #1901](https://github.com/anchore/syft/pull/1901)] 
[[westonsteimel](https://github.com/westonsteimel)] + +## Additional Changes + - Simplify the SBOM writer interface [[PR #1892](https://github.com/anchore/syft/pull/1892)] [[wagoodman](https://github.com/wagoodman)] diff --git a/content/docs/releases/syft/v0.85.0.md b/content/docs/releases/syft/v0.85.0.md index 998e3770..8ccde72e 100644 --- a/content/docs/releases/syft/v0.85.0.md +++ b/content/docs/releases/syft/v0.85.0.md 
@@ -11,30 +11,30 @@ description = "Release notes for syft v0.85.0" Version [v0.85.0](https://github.com/anchore/syft/releases/tag/v0.85.0) -## [v0.85.0](https://github.com/anchore/syft/tree/v0.85.0) (2023-07-12) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.84.1...v0.85.0) - -## Added Features - -- Add a --base-path command line flag to set the directory base for scans (this option was previously exposed via API only) [[PR #1867](https://github.com/anchore/syft/pull/1867)] [[deitch](https://github.com/deitch)] -- Add file source digest support [[PR #1914](https://github.com/anchore/syft/pull/1914)] [[wagoodman](https://github.com/wagoodman)] -- Remove erroneous Java CPEs from generation [[PR #1918](https://github.com/anchore/syft/pull/1918)] [[luhring](https://github.com/luhring)] -- Fix CPE generation for k8s python client [[PR #1921](https://github.com/anchore/syft/pull/1921)] [[luhring](https://github.com/luhring)] -- Don't use the actual redis or grpc CPEs for gems [[PR #1926](https://github.com/anchore/syft/pull/1926)] [[luhring](https://github.com/luhring)] -- The text user interface is now provided by the bubbletea library [[Issue #1441](https://github.com/anchore/syft/issues/1441)] [[PR #1888](https://github.com/anchore/syft/pull/1888)] [[wagoodman](https://github.com/wagoodman)] - -## Bug Fixes - -- Install script returns exit code 0 even if install fails [[Issue #1566](https://github.com/anchore/syft/issues/1566)] [[PR #1915](https://github.com/anchore/syft/pull/1915)] [[lorsatti](https://github.com/lorsatti)] -- [Windows] Not able to scan volume mounted to folder [[Issue #1828](https://github.com/anchore/syft/issues/1828)] [[PR #1884](https://github.com/anchore/syft/pull/1884)] [[dd-cws](https://github.com/dd-cws)] -- Deprecated license: GFDL-1.2+ [[Issue #1899](https://github.com/anchore/syft/issues/1899)] [[PR #1907](https://github.com/anchore/syft/pull/1907)] [[spiffcs](https://github.com/spiffcs)] - -## Breaking Changes - -- Refactor 
the `source` API and syft-json `source` block data shape [[Issue #1866](https://github.com/anchore/syft/issues/1866)] [[PR #1846](https://github.com/anchore/syft/pull/1846)] [[wagoodman](https://github.com/wagoodman)] - -## Additional Changes - -- chore: update iterations to protect against race [[PR #1927](https://github.com/anchore/syft/pull/1927)] [[spiffcs](https://github.com/spiffcs)] +## [v0.85.0](https://github.com/anchore/syft/tree/v0.85.0) (2023-07-12) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.84.1...v0.85.0) + +## Added Features + +- Add a --base-path command line flag to set the directory base for scans (this option was previously exposed via API only) [[PR #1867](https://github.com/anchore/syft/pull/1867)] [[deitch](https://github.com/deitch)] +- Add file source digest support [[PR #1914](https://github.com/anchore/syft/pull/1914)] [[wagoodman](https://github.com/wagoodman)] +- Remove erroneous Java CPEs from generation [[PR #1918](https://github.com/anchore/syft/pull/1918)] [[luhring](https://github.com/luhring)] +- Fix CPE generation for k8s python client [[PR #1921](https://github.com/anchore/syft/pull/1921)] [[luhring](https://github.com/luhring)] +- Don't use the actual redis or grpc CPEs for gems [[PR #1926](https://github.com/anchore/syft/pull/1926)] [[luhring](https://github.com/luhring)] +- The text user interface is now provided by the bubbletea library [[Issue #1441](https://github.com/anchore/syft/issues/1441)] [[PR #1888](https://github.com/anchore/syft/pull/1888)] [[wagoodman](https://github.com/wagoodman)] + +## Bug Fixes + +- Install script returns exit code 0 even if install fails [[Issue #1566](https://github.com/anchore/syft/issues/1566)] [[PR #1915](https://github.com/anchore/syft/pull/1915)] [[lorsatti](https://github.com/lorsatti)] +- [Windows] Not able to scan volume mounted to folder [[Issue #1828](https://github.com/anchore/syft/issues/1828)] [[PR #1884](https://github.com/anchore/syft/pull/1884)] 
[[dd-cws](https://github.com/dd-cws)] +- Deprecated license: GFDL-1.2+ [[Issue #1899](https://github.com/anchore/syft/issues/1899)] [[PR #1907](https://github.com/anchore/syft/pull/1907)] [[spiffcs](https://github.com/spiffcs)] + +## Breaking Changes + +- Refactor the `source` API and syft-json `source` block data shape [[Issue #1866](https://github.com/anchore/syft/issues/1866)] [[PR #1846](https://github.com/anchore/syft/pull/1846)] [[wagoodman](https://github.com/wagoodman)] + +## Additional Changes + +- chore: update iterations to protect against race [[PR #1927](https://github.com/anchore/syft/pull/1927)] [[spiffcs](https://github.com/spiffcs)] - fix: background reader apart from global handler for testing [[PR #1929](https://github.com/anchore/syft/pull/1929)] [[spiffcs](https://github.com/spiffcs)] diff --git a/content/docs/releases/syft/v0.86.0.md b/content/docs/releases/syft/v0.86.0.md index 40ad63ab..8e280959 100644 --- a/content/docs/releases/syft/v0.86.0.md +++ b/content/docs/releases/syft/v0.86.0.md 
@@ -11,24 +11,24 @@ description = "Release notes for syft v0.86.0" Version [v0.86.0](https://github.com/anchore/syft/releases/tag/v0.86.0) -## [v0.86.0](https://github.com/anchore/syft/tree/v0.86.0) (2023-07-31) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.85.0...v0.86.0) - -## Added Features - -- Introduce indexed embedded CPE dictionary [[PR #1897](https://github.com/anchore/syft/pull/1897)] [[luhring](https://github.com/luhring)] -- Add cataloger for Swift Package Manager. [[PR #1919](https://github.com/anchore/syft/pull/1919)] [[trilleplay](https://github.com/trilleplay)] -- Guess unpinned versions in python requirements.txt [[PR #1597](https://github.com/anchore/syft/pull/1597)] [[PR #1966](https://github.com/anchore/syft/pull/1966)] [[manifestori](https://github.com/manifestori)] [[wagoodman](https://github.com/wagoodman)] -- Create a package record for the artifact an SBOM described when creating a SPDX SBOM [[Issue #1661](https://github.com/anchore/syft/issues/1661)] [[Issue #1241](https://github.com/anchore/syft/issues/1241)] [[PR #1934](https://github.com/anchore/syft/pull/1934)] [[kzantow](https://github.com/kzantow)] - -## Bug Fixes - -- Fix panic condition on docker pull failure [[PR #1968](https://github.com/anchore/syft/pull/1968)] [[wagoodman](https://github.com/wagoodman)] -- Syft reports the "minimum required version" of .NET assemblies rather than the "assembly version" [[Issue #1799](https://github.com/anchore/syft/issues/1799)] [[PR #1943](https://github.com/anchore/syft/pull/1943)] [[luhring](https://github.com/luhring)] -- Grype cannot read SPDX documents generated by SPDX-maven-plugin [[PR #1969](https://github.com/anchore/syft/pull/1969)] [[spiffcs](https://github.com/spiffcs)] - -## Breaking Changes - -- Remove jotframe UI [[PR #1932](https://github.com/anchore/syft/pull/1932)] [[wagoodman](https://github.com/wagoodman)] +## [v0.86.0](https://github.com/anchore/syft/tree/v0.86.0) (2023-07-31) + +[Full 
Changelog](https://github.com/anchore/syft/compare/v0.85.0...v0.86.0) + +## Added Features + +- Introduce indexed embedded CPE dictionary [[PR #1897](https://github.com/anchore/syft/pull/1897)] [[luhring](https://github.com/luhring)] +- Add cataloger for Swift Package Manager. [[PR #1919](https://github.com/anchore/syft/pull/1919)] [[trilleplay](https://github.com/trilleplay)] +- Guess unpinned versions in python requirements.txt [[PR #1597](https://github.com/anchore/syft/pull/1597)] [[PR #1966](https://github.com/anchore/syft/pull/1966)] [[manifestori](https://github.com/manifestori)] [[wagoodman](https://github.com/wagoodman)] +- Create a package record for the artifact an SBOM described when creating a SPDX SBOM [[Issue #1661](https://github.com/anchore/syft/issues/1661)] [[Issue #1241](https://github.com/anchore/syft/issues/1241)] [[PR #1934](https://github.com/anchore/syft/pull/1934)] [[kzantow](https://github.com/kzantow)] + +## Bug Fixes + +- Fix panic condition on docker pull failure [[PR #1968](https://github.com/anchore/syft/pull/1968)] [[wagoodman](https://github.com/wagoodman)] +- Syft reports the "minimum required version" of .NET assemblies rather than the "assembly version" [[Issue #1799](https://github.com/anchore/syft/issues/1799)] [[PR #1943](https://github.com/anchore/syft/pull/1943)] [[luhring](https://github.com/luhring)] +- Grype cannot read SPDX documents generated by SPDX-maven-plugin [[PR #1969](https://github.com/anchore/syft/pull/1969)] [[spiffcs](https://github.com/spiffcs)] + +## Breaking Changes + +- Remove jotframe UI [[PR #1932](https://github.com/anchore/syft/pull/1932)] [[wagoodman](https://github.com/wagoodman)] - Simplify python env markers [[PR #1967](https://github.com/anchore/syft/pull/1967)] [[wagoodman](https://github.com/wagoodman)] diff --git a/content/docs/releases/syft/v0.86.1.md b/content/docs/releases/syft/v0.86.1.md index 9118d722..c1a132c1 100644 --- a/content/docs/releases/syft/v0.86.1.md 
+++ b/content/docs/releases/syft/v0.86.1.md @@ -11,10 +11,10 @@ description = "Release notes for syft v0.86.1" Version [v0.86.1](https://github.com/anchore/syft/releases/tag/v0.86.1) -## [v0.86.1](https://github.com/anchore/syft/tree/v0.86.1) (2023-07-31) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.86.0...v0.86.1) - -## Bug Fixes - +## [v0.86.1](https://github.com/anchore/syft/tree/v0.86.1) (2023-07-31) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.86.0...v0.86.1) + +## Bug Fixes + - Source requires default image name as user input for unparsable reference [[PR #1979](https://github.com/anchore/syft/pull/1979)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.87.0.md b/content/docs/releases/syft/v0.87.0.md index abbf0588..6fdedef7 100644 --- a/content/docs/releases/syft/v0.87.0.md +++ b/content/docs/releases/syft/v0.87.0.md @@ -11,7 +11,7 @@ description = "Release notes for syft v0.87.0" Version [v0.87.0](https://github.com/anchore/syft/releases/tag/v0.87.0) -# +# ## [v0.87.0](https://github.com/anchore/syft/tree/v0.87.0) (2023-08-14) diff --git a/content/docs/releases/syft/v0.87.1.md b/content/docs/releases/syft/v0.87.1.md index 82982b98..d6f1c8d1 100644 --- a/content/docs/releases/syft/v0.87.1.md +++ b/content/docs/releases/syft/v0.87.1.md 
@@ -11,15 +11,15 @@ description = "Release notes for syft v0.87.1" Version [v0.87.1](https://github.com/anchore/syft/releases/tag/v0.87.1) -# - -## [v0.87.1](https://github.com/anchore/syft/tree/v0.87.1) (2023-08-17) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.87.0...v0.87.1) - -## Bug Fixes - -- Use Java package names to determine known groupIDs [[PR #2032](https://github.com/anchore/syft/pull/2032)] [[kzantow](https://github.com/kzantow)] -- Relationships section of CycloneDX is not outputting even when the data is present [[Issue #1972](https://github.com/anchore/syft/issues/1972)] [[PR #1974](https://github.com/anchore/syft/pull/1974)] [[markgalpin](https://github.com/markgalpin)] [[kzantow](https://github.com/kzantow)] -- SPDX Tag-Value conversion not handling files directly set on packages [[Issue #2013](https://github.com/anchore/syft/issues/2013)] [[PR #2014](https://github.com/anchore/syft/pull/2014)] [[kzantow](https://github.com/kzantow)] +# + +## [v0.87.1](https://github.com/anchore/syft/tree/v0.87.1) (2023-08-17) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.87.0...v0.87.1) + +## Bug Fixes + +- Use Java package names to determine known groupIDs [[PR #2032](https://github.com/anchore/syft/pull/2032)] [[kzantow](https://github.com/kzantow)] +- Relationships section of CycloneDX is not outputting even when the data is present [[Issue #1972](https://github.com/anchore/syft/issues/1972)] [[PR #1974](https://github.com/anchore/syft/pull/1974)] [[markgalpin](https://github.com/markgalpin)] [[kzantow](https://github.com/kzantow)] +- SPDX Tag-Value conversion not handling files directly set on packages [[Issue #2013](https://github.com/anchore/syft/issues/2013)] [[PR #2014](https://github.com/anchore/syft/pull/2014)] [[kzantow](https://github.com/kzantow)] - Intermittent binary listings, different results every time [[Issue #2035](https://github.com/anchore/syft/issues/2035)] [[PR 
#2036](https://github.com/anchore/syft/pull/2036)] [[kzantow](https://github.com/kzantow)] diff --git a/content/docs/releases/syft/v0.88.0.md b/content/docs/releases/syft/v0.88.0.md index 240d9a2e..ee5b309a 100644 --- a/content/docs/releases/syft/v0.88.0.md +++ b/content/docs/releases/syft/v0.88.0.md @@ -11,7 +11,7 @@ description = "Release notes for syft v0.88.0" Version [v0.88.0](https://github.com/anchore/syft/releases/tag/v0.88.0) -# +# ## [v0.88.0](https://github.com/anchore/syft/tree/v0.88.0) (2023-08-25) diff --git a/content/docs/releases/syft/v0.89.0.md b/content/docs/releases/syft/v0.89.0.md index 51c0631b..8ee94b3c 100644 --- a/content/docs/releases/syft/v0.89.0.md +++ b/content/docs/releases/syft/v0.89.0.md 
@@ -11,23 +11,23 @@ description = "Release notes for syft v0.89.0" Version [v0.89.0](https://github.com/anchore/syft/releases/tag/v0.89.0) -# - -## [v0.89.0](https://github.com/anchore/syft/tree/v0.89.0) (2023-08-31) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.88.0...v0.89.0) - -## Added Features - -- Add registry certificate verification support [[PR #1734](https://github.com/anchore/syft/pull/1734)] [[5p2O5pe25ouT](https://github.com/5p2O5pe25ouT)] -- Add SYFT_CONFIG environment variable for configuration file path [[Issue #1986](https://github.com/anchore/syft/issues/1986)] [[PR #2001](https://github.com/anchore/syft/pull/2001)] [[kzantow](https://github.com/kzantow)] - -## Bug Fixes - -- Fix quiet flag [[PR #2081](https://github.com/anchore/syft/pull/2081)] [[wagoodman](https://github.com/wagoodman)] -- Command line flags not overriding configuration file values [[Issue #1143](https://github.com/anchore/syft/issues/1143)] [[PR #2001](https://github.com/anchore/syft/pull/2001)] [[kzantow](https://github.com/kzantow)] -- Django package CPE is not correct [[Issue #1298](https://github.com/anchore/syft/issues/1298)] [[PR #2068](https://github.com/anchore/syft/pull/2068)] [[witchcraze](https://github.com/witchcraze)] -- Config parsing includes `config.yaml` in working dir [[Issue #1634](https://github.com/anchore/syft/issues/1634)] [[PR #2001](https://github.com/anchore/syft/pull/2001)] [[kzantow](https://github.com/kzantow)] -- Fix a possible panic on universal go binaries [[Issue #2073](https://github.com/anchore/syft/issues/2073)] [[PR #2078](https://github.com/anchore/syft/pull/2078)] [[willmurphyscode](https://github.com/willmurphyscode)] -- Disabling catalogers is not working in power user command [[Issue #2074](https://github.com/anchore/syft/issues/2074)] [[PR #2001](https://github.com/anchore/syft/pull/2001)] [[kzantow](https://github.com/kzantow)] +# + +## [v0.89.0](https://github.com/anchore/syft/tree/v0.89.0) (2023-08-31) + +[Full 
Changelog](https://github.com/anchore/syft/compare/v0.88.0...v0.89.0) + +## Added Features + +- Add registry certificate verification support [[PR #1734](https://github.com/anchore/syft/pull/1734)] [[5p2O5pe25ouT](https://github.com/5p2O5pe25ouT)] +- Add SYFT_CONFIG environment variable for configuration file path [[Issue #1986](https://github.com/anchore/syft/issues/1986)] [[PR #2001](https://github.com/anchore/syft/pull/2001)] [[kzantow](https://github.com/kzantow)] + +## Bug Fixes + +- Fix quiet flag [[PR #2081](https://github.com/anchore/syft/pull/2081)] [[wagoodman](https://github.com/wagoodman)] +- Command line flags not overriding configuration file values [[Issue #1143](https://github.com/anchore/syft/issues/1143)] [[PR #2001](https://github.com/anchore/syft/pull/2001)] [[kzantow](https://github.com/kzantow)] +- Django package CPE is not correct [[Issue #1298](https://github.com/anchore/syft/issues/1298)] [[PR #2068](https://github.com/anchore/syft/pull/2068)] [[witchcraze](https://github.com/witchcraze)] +- Config parsing includes `config.yaml` in working dir [[Issue #1634](https://github.com/anchore/syft/issues/1634)] [[PR #2001](https://github.com/anchore/syft/pull/2001)] [[kzantow](https://github.com/kzantow)] +- Fix a possible panic on universal go binaries [[Issue #2073](https://github.com/anchore/syft/issues/2073)] [[PR #2078](https://github.com/anchore/syft/pull/2078)] [[willmurphyscode](https://github.com/willmurphyscode)] +- Disabling catalogers is not working in power user command [[Issue #2074](https://github.com/anchore/syft/issues/2074)] [[PR #2001](https://github.com/anchore/syft/pull/2001)] [[kzantow](https://github.com/kzantow)] - Virtual path changes to java cataloger causing creation of extra incorrect packages when jars are renamed [[Issue #2077](https://github.com/anchore/syft/issues/2077)] [[PR #2080](https://github.com/anchore/syft/pull/2080)] [[willmurphyscode](https://github.com/willmurphyscode)] 
diff --git a/content/docs/releases/syft/v0.9.0.md b/content/docs/releases/syft/v0.9.0.md index 6584054e..0b2d2274 100644 --- a/content/docs/releases/syft/v0.9.0.md +++ b/content/docs/releases/syft/v0.9.0.md @@ -11,19 +11,17 @@ description = "Release notes for syft v0.9.0" Version [v0.9.0](https://github.com/anchore/syft/releases/tag/v0.9.0) -## [v0.9.0](https://github.com/anchore/syft/tree/v0.9.0) (2020-11-30) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.8.0...v0.9.0) - -**Implemented enhancements:** - -- Generate json schema from struct definitions [\#276](https://github.com/anchore/syft/pull/276) ([wagoodman](https://github.com/wagoodman)) - -**Fixed bugs:** - -- Update stereoscope version to fix opaque directory merge issue [\#278](https://github.com/anchore/syft/pull/278) ([luhring](https://github.com/luhring)) -- Our project's Docker image kills `syft` and `grype` [\#264](https://github.com/anchore/syft/issues/264) ([luhring](https://github.com/luhring)) - - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.9.0](https://github.com/anchore/syft/tree/v0.9.0) (2020-11-30) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.8.0...v0.9.0) + +**Implemented enhancements:** + +- Generate json schema from struct definitions [\#276](https://github.com/anchore/syft/pull/276) ([wagoodman](https://github.com/wagoodman)) + +**Fixed bugs:** + +- Update stereoscope version to fix opaque directory merge issue [\#278](https://github.com/anchore/syft/pull/278) ([luhring](https://github.com/luhring)) +- Our project's Docker image kills `syft` and `grype` [\#264](https://github.com/anchore/syft/issues/264) ([luhring](https://github.com/luhring)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ 
diff --git a/content/docs/releases/syft/v0.9.1.md b/content/docs/releases/syft/v0.9.1.md index 25f2a204..a04fd7e3 100644 --- a/content/docs/releases/syft/v0.9.1.md +++ b/content/docs/releases/syft/v0.9.1.md @@ -11,12 +11,12 @@ description = "Release notes for syft v0.9.1" Version [v0.9.1](https://github.com/anchore/syft/releases/tag/v0.9.1) -## [v0.9.1](https://github.com/anchore/syft/tree/v0.9.1) (2020-12-02) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.9.0...v0.9.1) - -**Implemented enhancements:** - -- Include CPEs with elements from POM GroupId fields [\#279](https://github.com/anchore/syft/pull/279) ([wagoodman](https://github.com/wagoodman)) - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.9.1](https://github.com/anchore/syft/tree/v0.9.1) (2020-12-02) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.9.0...v0.9.1) + +**Implemented enhancements:** + +- Include CPEs with elements from POM GroupId fields [\#279](https://github.com/anchore/syft/pull/279) ([wagoodman](https://github.com/wagoodman)) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.9.2.md b/content/docs/releases/syft/v0.9.2.md index c463df6d..c0bd69a1 100644 --- a/content/docs/releases/syft/v0.9.2.md +++ b/content/docs/releases/syft/v0.9.2.md 
@@ -11,13 +11,12 @@ description = "Release notes for syft v0.9.2" Version [v0.9.2](https://github.com/anchore/syft/releases/tag/v0.9.2) -## [v0.9.2](https://github.com/anchore/syft/tree/v0.9.2) (2020-12-03) - -[Full Changelog](https://github.com/anchore/syft/compare/v0.9.1...v0.9.2) - -**Fixed bugs:** - -- Unable to pull/analyze docker image as of 0.9.0 [\#284](https://github.com/anchore/syft/issues/284) - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +## [v0.9.2](https://github.com/anchore/syft/tree/v0.9.2) (2020-12-03) + +[Full Changelog](https://github.com/anchore/syft/compare/v0.9.1...v0.9.2) + +**Fixed bugs:** + +- Unable to pull/analyze docker image as of 0.9.0 [\#284](https://github.com/anchore/syft/issues/284) + +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/content/docs/releases/syft/v0.90.0.md b/content/docs/releases/syft/v0.90.0.md index 47a91857..c52bec6e 100644 --- a/content/docs/releases/syft/v0.90.0.md +++ b/content/docs/releases/syft/v0.90.0.md @@ -11,7 +11,7 @@ description = "Release notes for syft v0.90.0" Version [v0.90.0](https://github.com/anchore/syft/releases/tag/v0.90.0) -# +# ## [v0.90.0](https://github.com/anchore/syft/tree/v0.90.0) (2023-09-11) diff --git a/content/docs/releases/syft/v0.91.0.md b/content/docs/releases/syft/v0.91.0.md index e6d6e8b2..ff018c91 100644 --- a/content/docs/releases/syft/v0.91.0.md +++ b/content/docs/releases/syft/v0.91.0.md 
@@ -11,28 +11,28 @@ description = "Release notes for syft v0.91.0" Version [v0.91.0](https://github.com/anchore/syft/releases/tag/v0.91.0) -## Added Features - -- Add support for CycloneDX 1.5 [[#2120](https://github.com/anchore/syft/issues/2120) [#2123](https://github.com/anchore/syft/pull/2123) [@spiffcs](https://github.com/spiffcs)] -- Add support for containerd as an image source [[#201](https://github.com/anchore/syft/issues/201) [#1793](https://github.com/anchore/syft/pull/1793) [@shanedell](https://github.com/shanedell)] -- Support cataloging github workflow & github action usages [[#1896](https://github.com/anchore/syft/issues/1896) [#2140](https://github.com/anchore/syft/pull/2140) [@wagoodman](https://github.com/wagoodman)] - -## Bug Fixes - -- Allow CycloneDX json input with no components [[#2127](https://github.com/anchore/syft/pull/2127) [@ahoz](https://github.com/ahoz)] -- Prevent errors from clobbering terminal [[#2161](https://github.com/anchore/syft/pull/2161) [@kzantow](https://github.com/kzantow)] -- Using syft as a go library to decode a syft json has incomplete data [[#2069](https://github.com/anchore/syft/issues/2069) [#2083](https://github.com/anchore/syft/pull/2083) [@kzantow](https://github.com/kzantow)] -- SBOMs are not the same on multiple runs of syft [[#1944](https://github.com/anchore/syft/issues/1944)] - -## Additional Changes - -- Switch to stdlib's slices pkg [[#2148](https://github.com/anchore/syft/pull/2148) [@hainenber](https://github.com/hainenber)] -- Remove unneeded arch switch in unit test [[#2156](https://github.com/anchore/syft/pull/2156) [@willmurphyscode](https://github.com/willmurphyscode)] -- Update chronicle to v0.8.0 [[#2154](https://github.com/anchore/syft/pull/2154) [@wagoodman](https://github.com/wagoodman)] -- Update to latest stereoscope [[#2151](https://github.com/anchore/syft/pull/2151) [@spiffcs](https://github.com/spiffcs)] -- Pin workflow checkout for cpe update-cpe-dictionary-index 
[[#2141](https://github.com/anchore/syft/pull/2141) [@spiffcs](https://github.com/spiffcs)] -- Add dependency information to conan lockfile parser [[#2131](https://github.com/anchore/syft/pull/2131) [@Pro](https://github.com/Pro)] -- Pin and update all workflow dependencies; add permission scopes [[#2138](https://github.com/anchore/syft/pull/2138) [@spiffcs](https://github.com/spiffcs)] -- Enforce race detector [[#2122](https://github.com/anchore/syft/pull/2122) [@willmurphyscode](https://github.com/willmurphyscode)] - +## Added Features + +- Add support for CycloneDX 1.5 [[#2120](https://github.com/anchore/syft/issues/2120) [#2123](https://github.com/anchore/syft/pull/2123) [@spiffcs](https://github.com/spiffcs)] +- Add support for containerd as an image source [[#201](https://github.com/anchore/syft/issues/201) [#1793](https://github.com/anchore/syft/pull/1793) [@shanedell](https://github.com/shanedell)] +- Support cataloging github workflow & github action usages [[#1896](https://github.com/anchore/syft/issues/1896) [#2140](https://github.com/anchore/syft/pull/2140) [@wagoodman](https://github.com/wagoodman)] + +## Bug Fixes + +- Allow CycloneDX json input with no components [[#2127](https://github.com/anchore/syft/pull/2127) [@ahoz](https://github.com/ahoz)] +- Prevent errors from clobbering terminal [[#2161](https://github.com/anchore/syft/pull/2161) [@kzantow](https://github.com/kzantow)] +- Using syft as a go library to decode a syft json has incomplete data [[#2069](https://github.com/anchore/syft/issues/2069) [#2083](https://github.com/anchore/syft/pull/2083) [@kzantow](https://github.com/kzantow)] +- SBOMs are not the same on multiple runs of syft [[#1944](https://github.com/anchore/syft/issues/1944)] + +## Additional Changes + +- Switch to stdlib's slices pkg [[#2148](https://github.com/anchore/syft/pull/2148) [@hainenber](https://github.com/hainenber)] +- Remove unneeded arch switch in unit test [[#2156](https://github.com/anchore/syft/pull/2156) 
[@willmurphyscode](https://github.com/willmurphyscode)] +- Update chronicle to v0.8.0 [[#2154](https://github.com/anchore/syft/pull/2154) [@wagoodman](https://github.com/wagoodman)] +- Update to latest stereoscope [[#2151](https://github.com/anchore/syft/pull/2151) [@spiffcs](https://github.com/spiffcs)] +- Pin workflow checkout for cpe update-cpe-dictionary-index [[#2141](https://github.com/anchore/syft/pull/2141) [@spiffcs](https://github.com/spiffcs)] +- Add dependency information to conan lockfile parser [[#2131](https://github.com/anchore/syft/pull/2131) [@Pro](https://github.com/Pro)] +- Pin and update all workflow dependencies; add permission scopes [[#2138](https://github.com/anchore/syft/pull/2138) [@spiffcs](https://github.com/spiffcs)] +- Enforce race detector [[#2122](https://github.com/anchore/syft/pull/2122) [@willmurphyscode](https://github.com/willmurphyscode)] + **[(Full Changelog)](https://github.com/anchore/syft/compare/v0.90.0...v0.91.0)** diff --git a/content/docs/releases/syft/v0.95.0.md b/content/docs/releases/syft/v0.95.0.md index 1361c83d..3b4245ab 100644 --- a/content/docs/releases/syft/v0.95.0.md +++ b/content/docs/releases/syft/v0.95.0.md 
@@ -11,39 +11,38 @@ description = "Release notes for syft v0.95.0" Version [v0.95.0](https://github.com/anchore/syft/releases/tag/v0.95.0) -## Added Features - -- Use case-insensitive matching for Go license files [[#2286](https://github.com/anchore/syft/pull/2286) [@miquella](https://github.com/miquella)] -- Add conaninfo.txt parser to detect conan packages in docker images [[#2234](https://github.com/anchore/syft/pull/2234) [@Pro](https://github.com/Pro)] -- Perform case insensitive matching on Java License files [[#2235](https://github.com/anchore/syft/pull/2235) [@coheigea](https://github.com/coheigea)] -- Read a license from a parent pom stored in Maven Central [[#2228](https://github.com/anchore/syft/pull/2228) [@coheigea](https://github.com/coheigea)] -- Add PURLs when scanning Gradle lock files [[#2278](https://github.com/anchore/syft/pull/2278) [@robbiev](https://github.com/robbiev)] - - -## Bug Fixes - -- Fix CPE index workflow [[#2252](https://github.com/anchore/syft/pull/2252) [@wagoodman](https://github.com/wagoodman)] -- Fix cpe generation task [[#2270](https://github.com/anchore/syft/pull/2270) [@willmurphyscode](https://github.com/willmurphyscode)] -- Introduce cataloger naming conventions [[#1578](https://github.com/anchore/syft/issues/1578) [#2277](https://github.com/anchore/syft/pull/2277) [@wagoodman](https://github.com/wagoodman)] -- .NET / nuget - invalid SBOM generated after parsing [[#2255](https://github.com/anchore/syft/issues/2255) [#2273](https://github.com/anchore/syft/pull/2273) [@spiffcs](https://github.com/spiffcs)] -- Wrong parsing after v0.85.0 syft for some components [[#2241](https://github.com/anchore/syft/issues/2241) [#2273](https://github.com/anchore/syft/pull/2273) [@spiffcs](https://github.com/spiffcs)] -- SPDX-2.3 is misidentified as SPDX-2.2 [[#2112](https://github.com/anchore/syft/issues/2112) [#2186](https://github.com/anchore/syft/pull/2186) [@wagoodman](https://github.com/wagoodman)] -- Jar parser chokes on empty 
lines [[#2179](https://github.com/anchore/syft/issues/2179) [#2254](https://github.com/anchore/syft/pull/2254) [@spiffcs](https://github.com/spiffcs)] -- Add a new Java configuration option to recursively search parent poms… [[#2274](https://github.com/anchore/syft/pull/2274) [@coheigea](https://github.com/coheigea)] -- Fix directory resolver to always return virtual path [[#2259](https://github.com/anchore/syft/pull/2259) [@wagoodman](https://github.com/wagoodman)] -- Syft can now handle the case of parsing a jar with multiple poms [[#2231](https://github.com/anchore/syft/pull/2231) [@coheigea](https://github.com/coheigea)] -- Add ruby.NewGemSpecCataloger to DirectoryCatalogers [[#1971](https://github.com/anchore/syft/pull/1971) [@evanchaoli](https://github.com/evanchaoli)] - -## Breaking Changes - -- Introduce cataloger naming conventions [[#1578](https://github.com/anchore/syft/issues/1578) [#2277](https://github.com/anchore/syft/pull/2277) [@wagoodman](https://github.com/wagoodman)] -- Remove MetadataType from the core package struct [[#1735](https://github.com/anchore/syft/issues/1735) [#1983](https://github.com/anchore/syft/pull/1983) [@wagoodman](https://github.com/wagoodman)] -- Add convention for JSON metadata type names and port existing values to the new convention [[#1844](https://github.com/anchore/syft/issues/1844) [#1983](https://github.com/anchore/syft/pull/1983) [@wagoodman](https://github.com/wagoodman)] -- Remove deprecated syft.Format functions [[#1344](https://github.com/anchore/syft/issues/1344) [#2186](https://github.com/anchore/syft/pull/2186) [@wagoodman](https://github.com/wagoodman)] - -## Additional Changes - -- Upgrade tool management [[#2188](https://github.com/anchore/syft/pull/2188) [@wagoodman](https://github.com/wagoodman)] -- Fix homebrew post-release workflow [[#2242](https://github.com/anchore/syft/pull/2242) [@wagoodman](https://github.com/wagoodman)] - +## Added Features + +- Use case-insensitive matching for Go license files 
[[#2286](https://github.com/anchore/syft/pull/2286) [@miquella](https://github.com/miquella)] +- Add conaninfo.txt parser to detect conan packages in docker images [[#2234](https://github.com/anchore/syft/pull/2234) [@Pro](https://github.com/Pro)] +- Perform case insensitive matching on Java License files [[#2235](https://github.com/anchore/syft/pull/2235) [@coheigea](https://github.com/coheigea)] +- Read a license from a parent pom stored in Maven Central [[#2228](https://github.com/anchore/syft/pull/2228) [@coheigea](https://github.com/coheigea)] +- Add PURLs when scanning Gradle lock files [[#2278](https://github.com/anchore/syft/pull/2278) [@robbiev](https://github.com/robbiev)] + +## Bug Fixes + +- Fix CPE index workflow [[#2252](https://github.com/anchore/syft/pull/2252) [@wagoodman](https://github.com/wagoodman)] +- Fix cpe generation task [[#2270](https://github.com/anchore/syft/pull/2270) [@willmurphyscode](https://github.com/willmurphyscode)] +- Introduce cataloger naming conventions [[#1578](https://github.com/anchore/syft/issues/1578) [#2277](https://github.com/anchore/syft/pull/2277) [@wagoodman](https://github.com/wagoodman)] +- .NET / nuget - invalid SBOM generated after parsing [[#2255](https://github.com/anchore/syft/issues/2255) [#2273](https://github.com/anchore/syft/pull/2273) [@spiffcs](https://github.com/spiffcs)] +- Wrong parsing after v0.85.0 syft for some components [[#2241](https://github.com/anchore/syft/issues/2241) [#2273](https://github.com/anchore/syft/pull/2273) [@spiffcs](https://github.com/spiffcs)] +- SPDX-2.3 is misidentified as SPDX-2.2 [[#2112](https://github.com/anchore/syft/issues/2112) [#2186](https://github.com/anchore/syft/pull/2186) [@wagoodman](https://github.com/wagoodman)] +- Jar parser chokes on empty lines [[#2179](https://github.com/anchore/syft/issues/2179) [#2254](https://github.com/anchore/syft/pull/2254) [@spiffcs](https://github.com/spiffcs)] +- Add a new Java configuration option to recursively search parent 
poms… [[#2274](https://github.com/anchore/syft/pull/2274) [@coheigea](https://github.com/coheigea)] +- Fix directory resolver to always return virtual path [[#2259](https://github.com/anchore/syft/pull/2259) [@wagoodman](https://github.com/wagoodman)] +- Syft can now handle the case of parsing a jar with multiple poms [[#2231](https://github.com/anchore/syft/pull/2231) [@coheigea](https://github.com/coheigea)] +- Add ruby.NewGemSpecCataloger to DirectoryCatalogers [[#1971](https://github.com/anchore/syft/pull/1971) [@evanchaoli](https://github.com/evanchaoli)] + +## Breaking Changes + +- Introduce cataloger naming conventions [[#1578](https://github.com/anchore/syft/issues/1578) [#2277](https://github.com/anchore/syft/pull/2277) [@wagoodman](https://github.com/wagoodman)] +- Remove MetadataType from the core package struct [[#1735](https://github.com/anchore/syft/issues/1735) [#1983](https://github.com/anchore/syft/pull/1983) [@wagoodman](https://github.com/wagoodman)] +- Add convention for JSON metadata type names and port existing values to the new convention [[#1844](https://github.com/anchore/syft/issues/1844) [#1983](https://github.com/anchore/syft/pull/1983) [@wagoodman](https://github.com/wagoodman)] +- Remove deprecated syft.Format functions [[#1344](https://github.com/anchore/syft/issues/1344) [#2186](https://github.com/anchore/syft/pull/2186) [@wagoodman](https://github.com/wagoodman)] + +## Additional Changes + +- Upgrade tool management [[#2188](https://github.com/anchore/syft/pull/2188) [@wagoodman](https://github.com/wagoodman)] +- Fix homebrew post-release workflow [[#2242](https://github.com/anchore/syft/pull/2242) [@wagoodman](https://github.com/wagoodman)] + **[(Full Changelog)](https://github.com/anchore/syft/compare/v0.94.0...v0.95.0)** diff --git a/content/docs/releases/syft/v0.98.0.md b/content/docs/releases/syft/v0.98.0.md index 6ae66a13..8abe28ed 100644 --- a/content/docs/releases/syft/v0.98.0.md +++ b/content/docs/releases/syft/v0.98.0.md 
@@ -11,36 +11,37 @@ description = "Release notes for syft v0.98.0" Version [v0.98.0](https://github.com/anchore/syft/releases/tag/v0.98.0) -## Added Features - -- Add binary classifiers for MySQL and MariaDB [[#2316](https://github.com/anchore/syft/pull/2316) [@duanemay](https://github.com/duanemay)] -- Enhance redis binary classifier to support additional versions [[#2329](https://github.com/anchore/syft/pull/2329) [@whalelines](https://github.com/whalelines)] -- Expose compact JSON and XML format configuration [[#561](https://github.com/anchore/syft/issues/561) [#2275](https://github.com/anchore/syft/pull/2275) [@wagoodman](https://github.com/wagoodman)] - -## Bug Fixes - -- Fix file metadata cataloger when passed explicit coordinates [[#2370](https://github.com/anchore/syft/pull/2370) [@wagoodman](https://github.com/wagoodman)] -- hardcode xalan group ID [[#2368](https://github.com/anchore/syft/pull/2368) [@willmurphyscode](https://github.com/willmurphyscode)] -- logging level for parsing potential PE files [[#2367](https://github.com/anchore/syft/pull/2367) [@kzantow](https://github.com/kzantow)] -- Use read lock in `pkg.Collection` [[#2341](https://github.com/anchore/syft/pull/2341) [@wagoodman](https://github.com/wagoodman)] -- add manual namespace mapping for org.springframework jars [[#2345](https://github.com/anchore/syft/pull/2345) [@westonsteimel](https://github.com/westonsteimel)] -- add manual namespace mapping for org.springframework.security jars [[#2343](https://github.com/anchore/syft/pull/2343) [@westonsteimel](https://github.com/westonsteimel)] -- errors are printed into the stdout in syft 0.97.1 [[#2356](https://github.com/anchore/syft/issues/2356) [#2364](https://github.com/anchore/syft/pull/2364) [@kzantow](https://github.com/kzantow)] -- `syft some-jar.jar` fails to find packages if PWD is a symlink [[#2355](https://github.com/anchore/syft/issues/2355) [#2359](https://github.com/anchore/syft/pull/2359) 
[@willmurphyscode](https://github.com/willmurphyscode)] -- Default for recently added base path, `""`, disables detection of symlinked `*.jar` files [[#1962](https://github.com/anchore/syft/issues/1962) [#2359](https://github.com/anchore/syft/pull/2359) [@willmurphyscode](https://github.com/willmurphyscode)] -- `syft attest` broken since 0.85.0 [[#2333](https://github.com/anchore/syft/issues/2333) [#2337](https://github.com/anchore/syft/pull/2337) [@wagoodman](https://github.com/wagoodman)] -- Incorrect Java PURL for org.bouncycastle jars [[#2339](https://github.com/anchore/syft/issues/2339) [#2342](https://github.com/anchore/syft/pull/2342) [@westonsteimel](https://github.com/westonsteimel)] - -## Breaking Changes - -- Remove power-user command and related catalogers [[#1419](https://github.com/anchore/syft/issues/1419) [#2306](https://github.com/anchore/syft/pull/2306) [@wagoodman](https://github.com/wagoodman)] - -## Additional Changes - -- Normalize cataloger configuration patterns [[#2365](https://github.com/anchore/syft/pull/2365) [@wagoodman](https://github.com/wagoodman)] -- Normalize enums to lowercase with hyphens [[#2363](https://github.com/anchore/syft/pull/2363) [@wagoodman](https://github.com/wagoodman)] - -**[(Full Changelog)](https://github.com/anchore/syft/compare/v0.97.1...v0.98.0)** - -#### Special Thanks +## Added Features + +- Add binary classifiers for MySQL and MariaDB [[#2316](https://github.com/anchore/syft/pull/2316) [@duanemay](https://github.com/duanemay)] +- Enhance redis binary classifier to support additional versions [[#2329](https://github.com/anchore/syft/pull/2329) [@whalelines](https://github.com/whalelines)] +- Expose compact JSON and XML format configuration [[#561](https://github.com/anchore/syft/issues/561) [#2275](https://github.com/anchore/syft/pull/2275) [@wagoodman](https://github.com/wagoodman)] + +## Bug Fixes + +- Fix file metadata cataloger when passed explicit coordinates 
[[#2370](https://github.com/anchore/syft/pull/2370) [@wagoodman](https://github.com/wagoodman)] +- hardcode xalan group ID [[#2368](https://github.com/anchore/syft/pull/2368) [@willmurphyscode](https://github.com/willmurphyscode)] +- logging level for parsing potential PE files [[#2367](https://github.com/anchore/syft/pull/2367) [@kzantow](https://github.com/kzantow)] +- Use read lock in `pkg.Collection` [[#2341](https://github.com/anchore/syft/pull/2341) [@wagoodman](https://github.com/wagoodman)] +- add manual namespace mapping for org.springframework jars [[#2345](https://github.com/anchore/syft/pull/2345) [@westonsteimel](https://github.com/westonsteimel)] +- add manual namespace mapping for org.springframework.security jars [[#2343](https://github.com/anchore/syft/pull/2343) [@westonsteimel](https://github.com/westonsteimel)] +- errors are printed into the stdout in syft 0.97.1 [[#2356](https://github.com/anchore/syft/issues/2356) [#2364](https://github.com/anchore/syft/pull/2364) [@kzantow](https://github.com/kzantow)] +- `syft some-jar.jar` fails to find packages if PWD is a symlink [[#2355](https://github.com/anchore/syft/issues/2355) [#2359](https://github.com/anchore/syft/pull/2359) [@willmurphyscode](https://github.com/willmurphyscode)] +- Default for recently added base path, `""`, disables detection of symlinked `*.jar` files [[#1962](https://github.com/anchore/syft/issues/1962) [#2359](https://github.com/anchore/syft/pull/2359) [@willmurphyscode](https://github.com/willmurphyscode)] +- `syft attest` broken since 0.85.0 [[#2333](https://github.com/anchore/syft/issues/2333) [#2337](https://github.com/anchore/syft/pull/2337) [@wagoodman](https://github.com/wagoodman)] +- Incorrect Java PURL for org.bouncycastle jars [[#2339](https://github.com/anchore/syft/issues/2339) [#2342](https://github.com/anchore/syft/pull/2342) [@westonsteimel](https://github.com/westonsteimel)] + +## Breaking Changes + +- Remove power-user command and related catalogers 
[[#1419](https://github.com/anchore/syft/issues/1419) [#2306](https://github.com/anchore/syft/pull/2306) [@wagoodman](https://github.com/wagoodman)] + +## Additional Changes + +- Normalize cataloger configuration patterns [[#2365](https://github.com/anchore/syft/pull/2365) [@wagoodman](https://github.com/wagoodman)] +- Normalize enums to lowercase with hyphens [[#2363](https://github.com/anchore/syft/pull/2363) [@wagoodman](https://github.com/wagoodman)] + +**[(Full Changelog)](https://github.com/anchore/syft/compare/v0.97.1...v0.98.0)** + +#### Special Thanks + Thanks [@duanemay](https://github.com/duanemay) and [@whalelines](https://github.com/whalelines) for the enhanced binary classifier support 👍 diff --git a/content/docs/releases/syft/v1.0.0.md b/content/docs/releases/syft/v1.0.0.md index 40e11a23..fa0ceec6 100644 --- a/content/docs/releases/syft/v1.0.0.md +++ b/content/docs/releases/syft/v1.0.0.md 
@@ -11,18 +11,18 @@ description = "Release notes for syft v1.0.0" Version [v1.0.0](https://github.com/anchore/syft/releases/tag/v1.0.0) -🎉 Checkout the [blog post about v1](https://anchore.com/blog/syft-reaches-v1-0/)! - -## Added Features - -- Allow source type input via CLI flag (not scheme) [[#1783](https://github.com/anchore/syft/issues/1783) [#2610](https://github.com/anchore/syft/pull/2610) [@kzantow](https://github.com/kzantow)] - -## Bug Fixes - -- OpenSSL binary matcher fails to properly detect letter releases [[#2681](https://github.com/anchore/syft/issues/2681) [#2682](https://github.com/anchore/syft/pull/2682) [@harmw](https://github.com/harmw)] -- TUI package count does not match package count in default table output [[#2672](https://github.com/anchore/syft/issues/2672) [#2679](https://github.com/anchore/syft/pull/2679) [@wagoodman](https://github.com/wagoodman)] -- .NET NuGet - dotnet-deps cataloger not working with syft v0.94.0 [[#2264](https://github.com/anchore/syft/issues/2264) [#2674](https://github.com/anchore/syft/pull/2674) [@willmurphyscode](https://github.com/willmurphyscode)] -- New path filtering logic excluding large number of unintended paths [[#2667](https://github.com/anchore/syft/issues/2667) [#2675](https://github.com/anchore/syft/pull/2675) [@wagoodman](https://github.com/wagoodman)] -- Syft TUI can hang when using license fetching from go modules [[#2653](https://github.com/anchore/syft/issues/2653) [#2673](https://github.com/anchore/syft/pull/2673) [@willmurphyscode](https://github.com/willmurphyscode)] - +🎉 Checkout the [blog post about v1](https://anchore.com/blog/syft-reaches-v1-0/)! 
+ +## Added Features + +- Allow source type input via CLI flag (not scheme) [[#1783](https://github.com/anchore/syft/issues/1783) [#2610](https://github.com/anchore/syft/pull/2610) [@kzantow](https://github.com/kzantow)] + +## Bug Fixes + +- OpenSSL binary matcher fails to properly detect letter releases [[#2681](https://github.com/anchore/syft/issues/2681) [#2682](https://github.com/anchore/syft/pull/2682) [@harmw](https://github.com/harmw)] +- TUI package count does not match package count in default table output [[#2672](https://github.com/anchore/syft/issues/2672) [#2679](https://github.com/anchore/syft/pull/2679) [@wagoodman](https://github.com/wagoodman)] +- .NET NuGet - dotnet-deps cataloger not working with syft v0.94.0 [[#2264](https://github.com/anchore/syft/issues/2264) [#2674](https://github.com/anchore/syft/pull/2674) [@willmurphyscode](https://github.com/willmurphyscode)] +- New path filtering logic excluding large number of unintended paths [[#2667](https://github.com/anchore/syft/issues/2667) [#2675](https://github.com/anchore/syft/pull/2675) [@wagoodman](https://github.com/wagoodman)] +- Syft TUI can hang when using license fetching from go modules [[#2653](https://github.com/anchore/syft/issues/2653) [#2673](https://github.com/anchore/syft/pull/2673) [@willmurphyscode](https://github.com/willmurphyscode)] + **[(Full Changelog)](https://github.com/anchore/syft/compare/v0.105.1...v1.0.0)** diff --git a/content/docs/releases/syft/v1.11.0.md b/content/docs/releases/syft/v1.11.0.md index a00218cc..c14c3fd4 100644 --- a/content/docs/releases/syft/v1.11.0.md +++ b/content/docs/releases/syft/v1.11.0.md 
@@ -11,23 +11,23 @@ description = "Release notes for syft v1.11.0" Version [v1.11.0](https://github.com/anchore/syft/releases/tag/v1.11.0) -## Added Features - -- Added the SWI Prolog (swipl) ecosystem [[#3076](https://github.com/anchore/syft/pull/3076) [@LaurentGoderre](https://github.com/LaurentGoderre)] -- Improved java cataloging [[#2769](https://github.com/anchore/syft/pull/2769) [@GijsCalis](https://github.com/GijsCalis)] - -## Bug Fixes - -- Empty version field on some dependencies when reading pom.xml [[#1129](https://github.com/anchore/syft/issues/1129) [#2769](https://github.com/anchore/syft/pull/2769) [@GijsCalis](https://github.com/GijsCalis)] -- Support Maven multi-level configuration file / parent POM [[#2017](https://github.com/anchore/syft/issues/2017) [#2769](https://github.com/anchore/syft/pull/2769) [@GijsCalis](https://github.com/GijsCalis)] -- DependencyManagement ignored in pom.xml [[#1813](https://github.com/anchore/syft/issues/1813) [#2769](https://github.com/anchore/syft/pull/2769) [@GijsCalis](https://github.com/GijsCalis)] -- Version parsing regression for Go binaries [[#3086](https://github.com/anchore/syft/issues/3086) [#3087](https://github.com/anchore/syft/pull/3087) [@spiffcs](https://github.com/spiffcs)] - -## Additional Changes - -- rather than have a hard max recursive depth - syft should detect parent pom cycles [[#2284](https://github.com/anchore/syft/issues/2284) [#2769](https://github.com/anchore/syft/pull/2769) [@GijsCalis](https://github.com/GijsCalis)] -- increase java purl generation test coverage [[#3110](https://github.com/anchore/syft/pull/3110) [@westonsteimel](https://github.com/westonsteimel)] -- Updated PackageSupplier to type Organization for JAR files [[#3093](https://github.com/anchore/syft/pull/3093) [@harippriyas](https://github.com/harippriyas)] -- Ensure accurate java main artifact name retrieval for multi-JARs and refine fallback approach [[#3054](https://github.com/anchore/syft/pull/3054) 
[@dor](https://github.com/dor)-hayun] - +## Added Features + +- Added the SWI Prolog (swipl) ecosystem [[#3076](https://github.com/anchore/syft/pull/3076) [@LaurentGoderre](https://github.com/LaurentGoderre)] +- Improved java cataloging [[#2769](https://github.com/anchore/syft/pull/2769) [@GijsCalis](https://github.com/GijsCalis)] + +## Bug Fixes + +- Empty version field on some dependencies when reading pom.xml [[#1129](https://github.com/anchore/syft/issues/1129) [#2769](https://github.com/anchore/syft/pull/2769) [@GijsCalis](https://github.com/GijsCalis)] +- Support Maven multi-level configuration file / parent POM [[#2017](https://github.com/anchore/syft/issues/2017) [#2769](https://github.com/anchore/syft/pull/2769) [@GijsCalis](https://github.com/GijsCalis)] +- DependencyManagement ignored in pom.xml [[#1813](https://github.com/anchore/syft/issues/1813) [#2769](https://github.com/anchore/syft/pull/2769) [@GijsCalis](https://github.com/GijsCalis)] +- Version parsing regression for Go binaries [[#3086](https://github.com/anchore/syft/issues/3086) [#3087](https://github.com/anchore/syft/pull/3087) [@spiffcs](https://github.com/spiffcs)] + +## Additional Changes + +- rather than have a hard max recursive depth - syft should detect parent pom cycles [[#2284](https://github.com/anchore/syft/issues/2284) [#2769](https://github.com/anchore/syft/pull/2769) [@GijsCalis](https://github.com/GijsCalis)] +- increase java purl generation test coverage [[#3110](https://github.com/anchore/syft/pull/3110) [@westonsteimel](https://github.com/westonsteimel)] +- Updated PackageSupplier to type Organization for JAR files [[#3093](https://github.com/anchore/syft/pull/3093) [@harippriyas](https://github.com/harippriyas)] +- Ensure accurate java main artifact name retrieval for multi-JARs and refine fallback approach [[#3054](https://github.com/anchore/syft/pull/3054) [@dor](https://github.com/dor)-hayun] + **[(Full 
Changelog)](https://github.com/anchore/syft/compare/v1.10.0...v1.11.0)** diff --git a/content/docs/releases/syft/v1.16.0.md b/content/docs/releases/syft/v1.16.0.md index e84643e5..ce8cc98f 100644 --- a/content/docs/releases/syft/v1.16.0.md +++ b/content/docs/releases/syft/v1.16.0.md 
@@ -11,15 +11,15 @@ description = "Release notes for syft v1.16.0" Version [v1.16.0](https://github.com/anchore/syft/releases/tag/v1.16.0) -## Added Features - -- omit devDependencies for package-lock.json files by default [[#2348](https://github.com/anchore/syft/issues/2348) [#3371](https://github.com/anchore/syft/pull/3371) [@njv299](https://github.com/njv299)] - -## Bug Fixes - -- add support for dependencies and purl for Native Image SBOMs [[#3399](https://github.com/anchore/syft/pull/3399) [@rudsberg](https://github.com/rudsberg)] -- stop bubbling fileResolver errors from binary cataloger [[#3410](https://github.com/anchore/syft/pull/3410) [@spiffcs](https://github.com/spiffcs)] -- malformed pom.xml may cause recursive loop [[#3391](https://github.com/anchore/syft/pull/3391) [@kzantow](https://github.com/kzantow)] -- syft convert: broken link in help - documentation no longer existing [[#3143](https://github.com/anchore/syft/issues/3143) [#3407](https://github.com/anchore/syft/pull/3407) [@Makefolder](https://github.com/Makefolder)] - +## Added Features + +- omit devDependencies for package-lock.json files by default [[#2348](https://github.com/anchore/syft/issues/2348) [#3371](https://github.com/anchore/syft/pull/3371) [@njv299](https://github.com/njv299)] + +## Bug Fixes + +- add support for dependencies and purl for Native Image SBOMs [[#3399](https://github.com/anchore/syft/pull/3399) [@rudsberg](https://github.com/rudsberg)] +- stop bubbling fileResolver errors from binary cataloger [[#3410](https://github.com/anchore/syft/pull/3410) [@spiffcs](https://github.com/spiffcs)] +- malformed pom.xml may cause recursive loop [[#3391](https://github.com/anchore/syft/pull/3391) [@kzantow](https://github.com/kzantow)] +- syft convert: broken link in help - documentation no longer existing [[#3143](https://github.com/anchore/syft/issues/3143) [#3407](https://github.com/anchore/syft/pull/3407) [@Makefolder](https://github.com/Makefolder)] + **[(Full 
Changelog)](https://github.com/anchore/syft/compare/v1.15.0...v1.16.0)** diff --git a/content/docs/releases/syft/v1.19.0.md b/content/docs/releases/syft/v1.19.0.md index e81b2bde..e8f87cfc 100644 --- a/content/docs/releases/syft/v1.19.0.md +++ b/content/docs/releases/syft/v1.19.0.md 
@@ -11,19 +11,19 @@ description = "Release notes for syft v1.19.0" Version [v1.19.0](https://github.com/anchore/syft/releases/tag/v1.19.0) -## Added Features - -- add license parsing from vendor dirs [[#3522](https://github.com/anchore/syft/pull/3522) [@dschmidt](https://github.com/dschmidt)] -- Support cataloging NuGet packages [[#373](https://github.com/anchore/syft/issues/373) [#3484](https://github.com/anchore/syft/pull/3484) [@Kemosabert](https://github.com/Kemosabert)] - -## Bug Fixes - -- Syft generates invalid PURLs when name contains `:` [[#3577](https://github.com/anchore/syft/issues/3577) [#3596](https://github.com/anchore/syft/pull/3596) [@spiffcs](https://github.com/spiffcs) [@jkugler](https://github.com/jkugler)] -- warn instead of error if zero package catalogers are select - user might still run file metadata cataloger, for example [[#3128](https://github.com/anchore/syft/issues/3128) [#3468](https://github.com/anchore/syft/pull/3468) [@tomersein](https://github.com/tomersein)] -- sbom report: missing licenses [[#3527](https://github.com/anchore/syft/issues/3527) [#3549](https://github.com/anchore/syft/pull/3549) [@kzantow](https://github.com/kzantow)] - -## Additional Changes - -- bump stereoscope to v0.0.13 [[#3601](https://github.com/anchore/syft/pull/3601) [@spiffcs](https://github.com/spiffcs)] - +## Added Features + +- add license parsing from vendor dirs [[#3522](https://github.com/anchore/syft/pull/3522) [@dschmidt](https://github.com/dschmidt)] +- Support cataloging NuGet packages [[#373](https://github.com/anchore/syft/issues/373) [#3484](https://github.com/anchore/syft/pull/3484) [@Kemosabert](https://github.com/Kemosabert)] + +## Bug Fixes + +- Syft generates invalid PURLs when name contains `:` [[#3577](https://github.com/anchore/syft/issues/3577) [#3596](https://github.com/anchore/syft/pull/3596) [@spiffcs](https://github.com/spiffcs) [@jkugler](https://github.com/jkugler)] +- warn instead of error if zero package catalogers are select 
- user might still run file metadata cataloger, for example [[#3128](https://github.com/anchore/syft/issues/3128) [#3468](https://github.com/anchore/syft/pull/3468) [@tomersein](https://github.com/tomersein)] +- sbom report: missing licenses [[#3527](https://github.com/anchore/syft/issues/3527) [#3549](https://github.com/anchore/syft/pull/3549) [@kzantow](https://github.com/kzantow)] + +## Additional Changes + +- bump stereoscope to v0.0.13 [[#3601](https://github.com/anchore/syft/pull/3601) [@spiffcs](https://github.com/spiffcs)] + **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.18.1...v1.19.0)** diff --git a/content/docs/releases/syft/v1.20.0.md b/content/docs/releases/syft/v1.20.0.md index 8b81a27c..7b4af301 100644 --- a/content/docs/releases/syft/v1.20.0.md +++ b/content/docs/releases/syft/v1.20.0.md 
@@ -11,27 +11,27 @@ description = "Release notes for syft v1.20.0" Version [v1.20.0](https://github.com/anchore/syft/releases/tag/v1.20.0) -## Added Features - -- Add file catalogers to selection configuration [[#3505](https://github.com/anchore/syft/pull/3505) [@wagoodman](https://github.com/wagoodman)] -- Configuration for including license contents in SBOM [[#3626](https://github.com/anchore/syft/issues/3626) [#3631](https://github.com/anchore/syft/pull/3631) [@spiffcs](https://github.com/spiffcs)] -- Support Bitnami embedded SBOMs [[#3065](https://github.com/anchore/syft/issues/3065) [#3341](https://github.com/anchore/syft/pull/3341) [@juan131](https://github.com/juan131)] [[#3676](https://github.com/anchore/syft/pull/3676) [@willmurphyscode](https://github.com/willmurphyscode)] - -## Bug Fixes - -- Version parse caused by line breaks on different platforms [[#3672](https://github.com/anchore/syft/pull/3672) [@idhyt](https://github.com/idhyt)] -- License files which do not match an SPDX expression are erroneously handled as 'unlicensed' [[#3412](https://github.com/anchore/syft/issues/3412) [#3366](https://github.com/anchore/syft/pull/3366) [@HeyeOpenSource](https://github.com/HeyeOpenSource)] -- Incorrect URL encoding of package url (purl) [[#3533](https://github.com/anchore/syft/issues/3533) [#3678](https://github.com/anchore/syft/pull/3678) [@kzantow](https://github.com/kzantow)] -- syft should not warn on known bad package.json [[#3470](https://github.com/anchore/syft/issues/3470) [#3645](https://github.com/anchore/syft/pull/3645) [@kzantow](https://github.com/kzantow)] -- Scanning a project with many DLLs is slow [[#3455](https://github.com/anchore/syft/issues/3455) [#3677](https://github.com/anchore/syft/pull/3677) [@rogueai](https://github.com/rogueai)] -- cyclone-dx presenter drops files, includes only packages [[#3435](https://github.com/anchore/syft/issues/3435) [#3539](https://github.com/anchore/syft/pull/3539) [@spiffcs](https://github.com/spiffcs)] 
-- "syft config" output swaps comments for search-indexed-archives / search-unindexed-archives [[#3624](https://github.com/anchore/syft/issues/3624) [#3630](https://github.com/anchore/syft/pull/3630) [@spiffcs](https://github.com/spiffcs)] -- dpkg license improvement for non SPDX licenses [[#3090](https://github.com/anchore/syft/issues/3090) [#3366](https://github.com/anchore/syft/pull/3366) [@HeyeOpenSource](https://github.com/HeyeOpenSource)] -- RPM-based PURLs sometimes have incorrect namespace (specifically OpenSUSE) [[#3534](https://github.com/anchore/syft/issues/3534) [#3615](https://github.com/anchore/syft/pull/3615) [@mprpic](https://github.com/mprpic)] - -## Additional Changes - -- update to go 1.24.x [[#3660](https://github.com/anchore/syft/pull/3660) [@westonsteimel](https://github.com/westonsteimel)] -- replace all shorthand tags of mapstruct -> mapstructure [[#3633](https://github.com/anchore/syft/pull/3633) [@spiffcs](https://github.com/spiffcs)] - +## Added Features + +- Add file catalogers to selection configuration [[#3505](https://github.com/anchore/syft/pull/3505) [@wagoodman](https://github.com/wagoodman)] +- Configuration for including license contents in SBOM [[#3626](https://github.com/anchore/syft/issues/3626) [#3631](https://github.com/anchore/syft/pull/3631) [@spiffcs](https://github.com/spiffcs)] +- Support Bitnami embedded SBOMs [[#3065](https://github.com/anchore/syft/issues/3065) [#3341](https://github.com/anchore/syft/pull/3341) [@juan131](https://github.com/juan131)] [[#3676](https://github.com/anchore/syft/pull/3676) [@willmurphyscode](https://github.com/willmurphyscode)] + +## Bug Fixes + +- Version parse caused by line breaks on different platforms [[#3672](https://github.com/anchore/syft/pull/3672) [@idhyt](https://github.com/idhyt)] +- License files which do not match an SPDX expression are erroneously handled as 'unlicensed' [[#3412](https://github.com/anchore/syft/issues/3412) [#3366](https://github.com/anchore/syft/pull/3366) 
[@HeyeOpenSource](https://github.com/HeyeOpenSource)] +- Incorrect URL encoding of package url (purl) [[#3533](https://github.com/anchore/syft/issues/3533) [#3678](https://github.com/anchore/syft/pull/3678) [@kzantow](https://github.com/kzantow)] +- syft should not warn on known bad package.json [[#3470](https://github.com/anchore/syft/issues/3470) [#3645](https://github.com/anchore/syft/pull/3645) [@kzantow](https://github.com/kzantow)] +- Scanning a project with many DLLs is slow [[#3455](https://github.com/anchore/syft/issues/3455) [#3677](https://github.com/anchore/syft/pull/3677) [@rogueai](https://github.com/rogueai)] +- cyclone-dx presenter drops files, includes only packages [[#3435](https://github.com/anchore/syft/issues/3435) [#3539](https://github.com/anchore/syft/pull/3539) [@spiffcs](https://github.com/spiffcs)] +- "syft config" output swaps comments for search-indexed-archives / search-unindexed-archives [[#3624](https://github.com/anchore/syft/issues/3624) [#3630](https://github.com/anchore/syft/pull/3630) [@spiffcs](https://github.com/spiffcs)] +- dpkg license improvement for non SPDX licenses [[#3090](https://github.com/anchore/syft/issues/3090) [#3366](https://github.com/anchore/syft/pull/3366) [@HeyeOpenSource](https://github.com/HeyeOpenSource)] +- RPM-based PURLs sometimes have incorrect namespace (specifically OpenSUSE) [[#3534](https://github.com/anchore/syft/issues/3534) [#3615](https://github.com/anchore/syft/pull/3615) [@mprpic](https://github.com/mprpic)] + +## Additional Changes + +- update to go 1.24.x [[#3660](https://github.com/anchore/syft/pull/3660) [@westonsteimel](https://github.com/westonsteimel)] +- replace all shorthand tags of mapstruct -> mapstructure [[#3633](https://github.com/anchore/syft/pull/3633) [@spiffcs](https://github.com/spiffcs)] + **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.19.0...v1.20.0)** 
diff --git a/content/docs/releases/syft/v1.27.0.md b/content/docs/releases/syft/v1.27.0.md
index 83e3a0bd..5fa080a9 100644
--- a/content/docs/releases/syft/v1.27.0.md
+++ b/content/docs/releases/syft/v1.27.0.md
@@ -11,23 +11,23 @@ description = "Release notes for syft v1.27.0" Version [v1.27.0](https://github.com/anchore/syft/releases/tag/v1.27.0) -## Added Features - -- add syft schema version to version command [[#3949](https://github.com/anchore/syft/pull/3949) [@spiffcs](https://github.com/spiffcs)] - -## Bug Fixes - -- Remove CPE product candidates for phf, prometheus, hyper and Rust crates [[#3967](https://github.com/anchore/syft/pull/3967) [@jayvdb](https://github.com/jayvdb)] -- Remove CPE product candidates for opentelemetry and redis Rust crates [[#3962](https://github.com/anchore/syft/pull/3962) [@jayvdb](https://github.com/jayvdb)] -- Harden Container Runtime with Non-Root User [[#3941](https://github.com/anchore/syft/pull/3941) [@MikeTheCyberGuy](https://github.com/MikeTheCyberGuy)] -- terraform provider lock entries should not require constraints [[#3934](https://github.com/anchore/syft/pull/3934) [@ghouscht](https://github.com/ghouscht)] -- sbom cataloger returning upstream package [[#3662](https://github.com/anchore/syft/issues/3662) [#3981](https://github.com/anchore/syft/pull/3981) [@kzantow](https://github.com/kzantow)] -- Syft missing md5 sums and list data for dpkg packages under `status.d/` [[#3912](https://github.com/anchore/syft/issues/3912)] -- Failure to detect dependency relationships between Python packages [[#3958](https://github.com/anchore/syft/issues/3958) [#3965](https://github.com/anchore/syft/pull/3965) [@christoph](https://github.com/christoph)-blessing] -- Heavy memory consumption when directory scanning deb source [[#3928](https://github.com/anchore/syft/issues/3928) [#3953](https://github.com/anchore/syft/pull/3953) [@kzantow](https://github.com/kzantow)] -- In versions 1.25.0 and later, graalvm-native-image-cataloger adds 3-6 hours to Syft [[#3942](https://github.com/anchore/syft/issues/3942) [#3944](https://github.com/anchore/syft/pull/3944) [@kzantow](https://github.com/kzantow)] -- Syft incorrectly reports multiple APKs as 
parents of symlinked files [[#3847](https://github.com/anchore/syft/issues/3847) [#3923](https://github.com/anchore/syft/pull/3923) [@luhring](https://github.com/luhring)] - -**[(Full Changelog)](https://github.com/anchore/syft/compare/v1.26.1...v1.27.0)** - +## Added Features + +- add syft schema version to version command [[#3949](https://github.com/anchore/syft/pull/3949) [@spiffcs](https://github.com/spiffcs)] + +## Bug Fixes + +- Remove CPE product candidates for phf, prometheus, hyper and Rust crates [[#3967](https://github.com/anchore/syft/pull/3967) [@jayvdb](https://github.com/jayvdb)] +- Remove CPE product candidates for opentelemetry and redis Rust crates [[#3962](https://github.com/anchore/syft/pull/3962) [@jayvdb](https://github.com/jayvdb)] +- Harden Container Runtime with Non-Root User [[#3941](https://github.com/anchore/syft/pull/3941) [@MikeTheCyberGuy](https://github.com/MikeTheCyberGuy)] +- terraform provider lock entries should not require constraints [[#3934](https://github.com/anchore/syft/pull/3934) [@ghouscht](https://github.com/ghouscht)] +- sbom cataloger returning upstream package [[#3662](https://github.com/anchore/syft/issues/3662) [#3981](https://github.com/anchore/syft/pull/3981) [@kzantow](https://github.com/kzantow)] +- Syft missing md5 sums and list data for dpkg packages under `status.d/` [[#3912](https://github.com/anchore/syft/issues/3912)] +- Failure to detect dependency relationships between Python packages [[#3958](https://github.com/anchore/syft/issues/3958) [#3965](https://github.com/anchore/syft/pull/3965) [@christoph](https://github.com/christoph)-blessing] +- Heavy memory consumption when directory scanning deb source [[#3928](https://github.com/anchore/syft/issues/3928) [#3953](https://github.com/anchore/syft/pull/3953) [@kzantow](https://github.com/kzantow)] +- In versions 1.25.0 and later, graalvm-native-image-cataloger adds 3-6 hours to Syft [[#3942](https://github.com/anchore/syft/issues/3942) 
[#3944](https://github.com/anchore/syft/pull/3944) [@kzantow](https://github.com/kzantow)] +- Syft incorrectly reports multiple APKs as parents of symlinked files [[#3847](https://github.com/anchore/syft/issues/3847) [#3923](https://github.com/anchore/syft/pull/3923) [@luhring](https://github.com/luhring)] + +**[(Full Changelog)](https://github.com/anchore/syft/compare/v1.26.1...v1.27.0)** + A HUGE thank you to [@rezmoss](https://github.com/rezmoss) for his help identifying and solving an issue causing excessive time and memory consumption with large numbers of symlinks! ❤️ diff --git a/content/docs/releases/syft/v1.3.0.md b/content/docs/releases/syft/v1.3.0.md index 3cd4f908..8727d454 100644 --- a/content/docs/releases/syft/v1.3.0.md +++ b/content/docs/releases/syft/v1.3.0.md 
@@ -11,21 +11,21 @@ description = "Release notes for syft v1.3.0" Version [v1.3.0](https://github.com/anchore/syft/releases/tag/v1.3.0) -## Added Features - -- index known CPEs for go modules [[#2816](https://github.com/anchore/syft/pull/2816) [@westonsteimel](https://github.com/westonsteimel)] -- support multiple known CPEs in index [[#2813](https://github.com/anchore/syft/pull/2813) [@westonsteimel](https://github.com/westonsteimel)] -- index known CPEs for PHP Composer packagist.org packages [[#2804](https://github.com/anchore/syft/pull/2804) [@westonsteimel](https://github.com/westonsteimel)] -- index known cpes for PHP extensions [[#2777](https://github.com/anchore/syft/pull/2777) [@westonsteimel](https://github.com/westonsteimel)] - -## Bug Fixes - -- re-use embedded union reader if possible [[#2814](https://github.com/anchore/syft/pull/2814) [@willmurphyscode](https://github.com/willmurphyscode)] -- prefer non-deprecated CPEs and include jenkins plugins from plugins.jenkins.io [[#2806](https://github.com/anchore/syft/pull/2806) [@westonsteimel](https://github.com/westonsteimel)] -- improvements to known CPE index construction [[#2801](https://github.com/anchore/syft/pull/2801) [@westonsteimel](https://github.com/westonsteimel)] -- Syft panics when scanning OCI image that contains packaged helm chart [[#2745](https://github.com/anchore/syft/issues/2745) [#2757](https://github.com/anchore/syft/pull/2757) [@willmurphyscode](https://github.com/willmurphyscode)] -- Pom parser not resolving all dependency versions [[#2776](https://github.com/anchore/syft/issues/2776) [#2781](https://github.com/anchore/syft/pull/2781) [@willmurphyscode](https://github.com/willmurphyscode)] -- exclude known instrumentation jars from being erroneously identified [[#2796](https://github.com/anchore/syft/pull/2796) [@kzantow](https://github.com/kzantow)] -- return empty string if dereferncing pom var fails [[#2797](https://github.com/anchore/syft/pull/2797) 
[@willmurphyscode](https://github.com/willmurphyscode)] - +## Added Features + +- index known CPEs for go modules [[#2816](https://github.com/anchore/syft/pull/2816) [@westonsteimel](https://github.com/westonsteimel)] +- support multiple known CPEs in index [[#2813](https://github.com/anchore/syft/pull/2813) [@westonsteimel](https://github.com/westonsteimel)] +- index known CPEs for PHP Composer packagist.org packages [[#2804](https://github.com/anchore/syft/pull/2804) [@westonsteimel](https://github.com/westonsteimel)] +- index known cpes for PHP extensions [[#2777](https://github.com/anchore/syft/pull/2777) [@westonsteimel](https://github.com/westonsteimel)] + +## Bug Fixes + +- re-use embedded union reader if possible [[#2814](https://github.com/anchore/syft/pull/2814) [@willmurphyscode](https://github.com/willmurphyscode)] +- prefer non-deprecated CPEs and include jenkins plugins from plugins.jenkins.io [[#2806](https://github.com/anchore/syft/pull/2806) [@westonsteimel](https://github.com/westonsteimel)] +- improvements to known CPE index construction [[#2801](https://github.com/anchore/syft/pull/2801) [@westonsteimel](https://github.com/westonsteimel)] +- Syft panics when scanning OCI image that contains packaged helm chart [[#2745](https://github.com/anchore/syft/issues/2745) [#2757](https://github.com/anchore/syft/pull/2757) [@willmurphyscode](https://github.com/willmurphyscode)] +- Pom parser not resolving all dependency versions [[#2776](https://github.com/anchore/syft/issues/2776) [#2781](https://github.com/anchore/syft/pull/2781) [@willmurphyscode](https://github.com/willmurphyscode)] +- exclude known instrumentation jars from being erroneously identified [[#2796](https://github.com/anchore/syft/pull/2796) [@kzantow](https://github.com/kzantow)] +- return empty string if dereferncing pom var fails [[#2797](https://github.com/anchore/syft/pull/2797) [@willmurphyscode](https://github.com/willmurphyscode)] + **[(Full 
Changelog)](https://github.com/anchore/syft/compare/v1.2.0...v1.3.0)** diff --git a/content/docs/releases/syft/v1.30.0.md b/content/docs/releases/syft/v1.30.0.md index dc0d2ee1..00e1289b 100644 --- a/content/docs/releases/syft/v1.30.0.md +++ b/content/docs/releases/syft/v1.30.0.md @@ -11,12 +11,12 @@ description = "Release notes for syft v1.30.0" Version [v1.30.0](https://github.com/anchore/syft/releases/tag/v1.30.0) -## Added Features - -- add binary classifier for hashicorp vault [[#4121](https://github.com/anchore/syft/pull/4121) [@willmurphyscode](https://github.com/willmurphyscode)] - -## Bug Fixes - -- fix: update nondeterministic Java archive cataloging and improve groupID [[#3521](https://github.com/anchore/syft/issues/3521) [#4118](https://github.com/anchore/syft/pull/4118) [@kzantow](https://github.com/kzantow)] - +## Added Features + +- add binary classifier for hashicorp vault [[#4121](https://github.com/anchore/syft/pull/4121) [@willmurphyscode](https://github.com/willmurphyscode)] + +## Bug Fixes + +- fix: update nondeterministic Java archive cataloging and improve groupID [[#3521](https://github.com/anchore/syft/issues/3521) [#4118](https://github.com/anchore/syft/pull/4118) [@kzantow](https://github.com/kzantow)] + **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.29.1...v1.30.0)** diff --git a/content/docs/releases/syft/v1.32.0.md b/content/docs/releases/syft/v1.32.0.md index e3ab5716..5ea1e4c4 100644 --- a/content/docs/releases/syft/v1.32.0.md +++ b/content/docs/releases/syft/v1.32.0.md 
@@ -11,19 +11,19 @@ description = "Release notes for syft v1.32.0" Version [v1.32.0](https://github.com/anchore/syft/releases/tag/v1.32.0) -## Added Features - -- Catalog entire build list for Go projects, not just packages listed in go.mod [[#432](https://github.com/anchore/syft/issues/432) [#4127](https://github.com/anchore/syft/pull/4127) [@spiffcs](https://github.com/spiffcs)] -- package.json authors keyword parsing [[#2250](https://github.com/anchore/syft/issues/2250) [#4003](https://github.com/anchore/syft/pull/4003) [@popey](https://github.com/popey)] -- Conda ecosystem support (basic) [[#4002](https://github.com/anchore/syft/pull/4002)[@SimeonStoykovQC](https://github.com/SimeonStoykovQC)] - -## Bug Fixes - -- When scanning the FFmpeg binary with Syft a new package is now added [[#3988](https://github.com/anchore/syft/issues/3988) [#3994](https://github.com/anchore/syft/pull/3994) [@popey](https://github.com/popey)] -- Warn loudly if SQLite driver is not present when needed [[#3234](https://github.com/anchore/syft/issues/3234) [#4150](https://github.com/anchore/syft/pull/4150) [@kzantow](https://github.com/kzantow)] - -## Additional Changes - -- Update dependencies to use go.yaml.in/yaml [[#4157](https://github.com/anchore/syft/pull/4157) [@n](https://github.com/n)-bes] - +## Added Features + +- Catalog entire build list for Go projects, not just packages listed in go.mod [[#432](https://github.com/anchore/syft/issues/432) [#4127](https://github.com/anchore/syft/pull/4127) [@spiffcs](https://github.com/spiffcs)] +- package.json authors keyword parsing [[#2250](https://github.com/anchore/syft/issues/2250) [#4003](https://github.com/anchore/syft/pull/4003) [@popey](https://github.com/popey)] +- Conda ecosystem support (basic) [[#4002](https://github.com/anchore/syft/pull/4002)[@SimeonStoykovQC](https://github.com/SimeonStoykovQC)] + +## Bug Fixes + +- When scanning the FFmpeg binary with Syft a new package is now added 
[[#3988](https://github.com/anchore/syft/issues/3988) [#3994](https://github.com/anchore/syft/pull/3994) [@popey](https://github.com/popey)] +- Warn loudly if SQLite driver is not present when needed [[#3234](https://github.com/anchore/syft/issues/3234) [#4150](https://github.com/anchore/syft/pull/4150) [@kzantow](https://github.com/kzantow)] + +## Additional Changes + +- Update dependencies to use go.yaml.in/yaml [[#4157](https://github.com/anchore/syft/pull/4157) [@n](https://github.com/n)-bes] + **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.31.0...v1.32.0)** diff --git a/content/docs/releases/syft/v1.4.0.md b/content/docs/releases/syft/v1.4.0.md index 642c2f86..075e5c04 100644 --- a/content/docs/releases/syft/v1.4.0.md +++ b/content/docs/releases/syft/v1.4.0.md 
@@ -11,30 +11,30 @@ description = "Release notes for syft v1.4.0" Version [v1.4.0](https://github.com/anchore/syft/releases/tag/v1.4.0) -## Added Features - -- Add detection for newer version of ErLang/OTP [[#2829](https://github.com/anchore/syft/pull/2829) [@LaurentGoderre](https://github.com/LaurentGoderre)] -- Add missing CPE for traefik, memcached, and postgres binaries [[#2845](https://github.com/anchore/syft/pull/2845) [@LaurentGoderre](https://github.com/LaurentGoderre)] -- Add binary classifier for ArangoDB [[#2830](https://github.com/anchore/syft/pull/2830) [@LaurentGoderre](https://github.com/LaurentGoderre)] -- Add relationships to ELF packages [[#2715](https://github.com/anchore/syft/pull/2715) [@brian](https://github.com/brian)-ebarb [@cdivers18](https://github.com/cdivers18) ] -- Add relationships for ALPM packages (arch linux) [[#2851](https://github.com/anchore/syft/pull/2851) [@wagoodman](https://github.com/wagoodman)] - -## Bug Fixes - -- close temp rpmdb file [[#2792](https://github.com/anchore/syft/pull/2792) [@testwill](https://github.com/testwill)] -- fix Windows file paths in local go mod cache [[#2654](https://github.com/anchore/syft/pull/2654) [@willmurphyscode](https://github.com/willmurphyscode)] -- Package Count doesn't match list of packages [[#2304](https://github.com/anchore/syft/issues/2304) [#2839](https://github.com/anchore/syft/pull/2839) [@wagoodman](https://github.com/wagoodman)] -- New version 1.3.0 leads to "too many open files" while scanning bigger images [[#2819](https://github.com/anchore/syft/issues/2819) [#2823](https://github.com/anchore/syft/pull/2823) [@willmurphyscode](https://github.com/willmurphyscode)] -- `license_info_in_file` is mandatory in SPDX-2.2 [[#2163](https://github.com/anchore/syft/issues/2163) [#2168](https://github.com/anchore/syft/pull/2168) [@kzantow](https://github.com/kzantow)] -- Wrong CPE for dnsmasq [[#2636](https://github.com/anchore/syft/issues/2636) 
[#2659](https://github.com/anchore/syft/pull/2659) [@kzantow](https://github.com/kzantow)] -- SPDX originator is not always populated [[#2632](https://github.com/anchore/syft/issues/2632) [#2822](https://github.com/anchore/syft/pull/2822) [@wagoodman](https://github.com/wagoodman)] - -## Additional Changes - -- Improve linting for `defer Close` type issues [[#2826](https://github.com/anchore/syft/issues/2826)] -- use ruleguard to test for missing defer statements [[#2837](https://github.com/anchore/syft/pull/2837) [@willmurphyscode](https://github.com/willmurphyscode)] -- Publish security policy [[#2835](https://github.com/anchore/syft/pull/2835) [@wagoodman](https://github.com/wagoodman)] -- fix function name in comment [[#2771](https://github.com/anchore/syft/pull/2771) [@camcui](https://github.com/camcui)] -- enable go-critic deferInLoop lint [[#2825](https://github.com/anchore/syft/pull/2825) [@willmurphyscode](https://github.com/willmurphyscode)] - +## Added Features + +- Add detection for newer version of ErLang/OTP [[#2829](https://github.com/anchore/syft/pull/2829) [@LaurentGoderre](https://github.com/LaurentGoderre)] +- Add missing CPE for traefik, memcached, and postgres binaries [[#2845](https://github.com/anchore/syft/pull/2845) [@LaurentGoderre](https://github.com/LaurentGoderre)] +- Add binary classifier for ArangoDB [[#2830](https://github.com/anchore/syft/pull/2830) [@LaurentGoderre](https://github.com/LaurentGoderre)] +- Add relationships to ELF packages [[#2715](https://github.com/anchore/syft/pull/2715) [@brian](https://github.com/brian)-ebarb [@cdivers18](https://github.com/cdivers18) ] +- Add relationships for ALPM packages (arch linux) [[#2851](https://github.com/anchore/syft/pull/2851) [@wagoodman](https://github.com/wagoodman)] + +## Bug Fixes + +- close temp rpmdb file [[#2792](https://github.com/anchore/syft/pull/2792) [@testwill](https://github.com/testwill)] +- fix Windows file paths in local go mod cache 
[[#2654](https://github.com/anchore/syft/pull/2654) [@willmurphyscode](https://github.com/willmurphyscode)] +- Package Count doesn't match list of packages [[#2304](https://github.com/anchore/syft/issues/2304) [#2839](https://github.com/anchore/syft/pull/2839) [@wagoodman](https://github.com/wagoodman)] +- New version 1.3.0 leads to "too many open files" while scanning bigger images [[#2819](https://github.com/anchore/syft/issues/2819) [#2823](https://github.com/anchore/syft/pull/2823) [@willmurphyscode](https://github.com/willmurphyscode)] +- `license_info_in_file` is mandatory in SPDX-2.2 [[#2163](https://github.com/anchore/syft/issues/2163) [#2168](https://github.com/anchore/syft/pull/2168) [@kzantow](https://github.com/kzantow)] +- Wrong CPE for dnsmasq [[#2636](https://github.com/anchore/syft/issues/2636) [#2659](https://github.com/anchore/syft/pull/2659) [@kzantow](https://github.com/kzantow)] +- SPDX originator is not always populated [[#2632](https://github.com/anchore/syft/issues/2632) [#2822](https://github.com/anchore/syft/pull/2822) [@wagoodman](https://github.com/wagoodman)] + +## Additional Changes + +- Improve linting for `defer Close` type issues [[#2826](https://github.com/anchore/syft/issues/2826)] +- use ruleguard to test for missing defer statements [[#2837](https://github.com/anchore/syft/pull/2837) [@willmurphyscode](https://github.com/willmurphyscode)] +- Publish security policy [[#2835](https://github.com/anchore/syft/pull/2835) [@wagoodman](https://github.com/wagoodman)] +- fix function name in comment [[#2771](https://github.com/anchore/syft/pull/2771) [@camcui](https://github.com/camcui)] +- enable go-critic deferInLoop lint [[#2825](https://github.com/anchore/syft/pull/2825) [@willmurphyscode](https://github.com/willmurphyscode)] + **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.3.0...v1.4.0)** diff --git a/content/docs/releases/syft/v1.5.0.md b/content/docs/releases/syft/v1.5.0.md index 63a02196..2aeefdcd 100644 
--- a/content/docs/releases/syft/v1.5.0.md
+++ b/content/docs/releases/syft/v1.5.0.md
@@ -11,26 +11,26 @@ description = "Release notes for syft v1.5.0" Version [v1.5.0](https://github.com/anchore/syft/releases/tag/v1.5.0) -## Added Features - -- Add abstraction for adding relationships from package cataloger results [[#2853](https://github.com/anchore/syft/pull/2853) [@wagoodman](https://github.com/wagoodman)] -- Capture dependencies when parsing SPDX SBOMs [[#2869](https://github.com/anchore/syft/pull/2869) [@russellhaering](https://github.com/russellhaering)] -- Add python wheel egg relationships [[#2903](https://github.com/anchore/syft/pull/2903) [@wagoodman](https://github.com/wagoodman)] -- Added functionality to convert major, minor, patch to version [[#2864](https://github.com/anchore/syft/pull/2864) [@LaurentGoderre](https://github.com/LaurentGoderre)] -- Add support for RPM DB package relationships [[#2872](https://github.com/anchore/syft/pull/2872) [@wagoodman](https://github.com/wagoodman)] -- Detect fluent-bit binaries [[#2904](https://github.com/anchore/syft/issues/2904) [#2905](https://github.com/anchore/syft/pull/2905) [@kzantow](https://github.com/kzantow)] -- Add syft `config` command [[#2598](https://github.com/anchore/syft/issues/2598) [#2892](https://github.com/anchore/syft/pull/2892) [@kzantow](https://github.com/kzantow)] - -## Bug Fixes - -- Fix DecoderCollection discarding input from non-seekable Readers [[#2878](https://github.com/anchore/syft/pull/2878) [@russellhaering](https://github.com/russellhaering)] -- Handle GOEXPERIMENTs in go version [[#2893](https://github.com/anchore/syft/pull/2893) [@jonjohnsonjr](https://github.com/jonjohnsonjr)] -- Go Mod Cataloger: Remove Replaced Packages [[#2891](https://github.com/anchore/syft/pull/2891) [@russellhaering](https://github.com/russellhaering)] -- Use values in relationship To/From fields [[#2871](https://github.com/anchore/syft/pull/2871) [@wagoodman](https://github.com/wagoodman)] -- Java package names showing up namespaced packages 
[[#2230](https://github.com/anchore/syft/issues/2230)] - -## Additional Changes - -- update spdx license list to 3.24.0 [[#2895](https://github.com/anchore/syft/pull/2895) [@spiffcs](https://github.com/spiffcs)] - +## Added Features + +- Add abstraction for adding relationships from package cataloger results [[#2853](https://github.com/anchore/syft/pull/2853) [@wagoodman](https://github.com/wagoodman)] +- Capture dependencies when parsing SPDX SBOMs [[#2869](https://github.com/anchore/syft/pull/2869) [@russellhaering](https://github.com/russellhaering)] +- Add python wheel egg relationships [[#2903](https://github.com/anchore/syft/pull/2903) [@wagoodman](https://github.com/wagoodman)] +- Added functionality to convert major, minor, patch to version [[#2864](https://github.com/anchore/syft/pull/2864) [@LaurentGoderre](https://github.com/LaurentGoderre)] +- Add support for RPM DB package relationships [[#2872](https://github.com/anchore/syft/pull/2872) [@wagoodman](https://github.com/wagoodman)] +- Detect fluent-bit binaries [[#2904](https://github.com/anchore/syft/issues/2904) [#2905](https://github.com/anchore/syft/pull/2905) [@kzantow](https://github.com/kzantow)] +- Add syft `config` command [[#2598](https://github.com/anchore/syft/issues/2598) [#2892](https://github.com/anchore/syft/pull/2892) [@kzantow](https://github.com/kzantow)] + +## Bug Fixes + +- Fix DecoderCollection discarding input from non-seekable Readers [[#2878](https://github.com/anchore/syft/pull/2878) [@russellhaering](https://github.com/russellhaering)] +- Handle GOEXPERIMENTs in go version [[#2893](https://github.com/anchore/syft/pull/2893) [@jonjohnsonjr](https://github.com/jonjohnsonjr)] +- Go Mod Cataloger: Remove Replaced Packages [[#2891](https://github.com/anchore/syft/pull/2891) [@russellhaering](https://github.com/russellhaering)] +- Use values in relationship To/From fields [[#2871](https://github.com/anchore/syft/pull/2871) [@wagoodman](https://github.com/wagoodman)] +- Java package 
names showing up namespaced packages [[#2230](https://github.com/anchore/syft/issues/2230)] + +## Additional Changes + +- update spdx license list to 3.24.0 [[#2895](https://github.com/anchore/syft/pull/2895) [@spiffcs](https://github.com/spiffcs)] + **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.4.1...v1.5.0)** diff --git a/content/docs/releases/vunnel/_index.md b/content/docs/releases/vunnel/_index.md index 799edd6d..70c45eaf 100644 --- a/content/docs/releases/vunnel/_index.md +++ b/content/docs/releases/vunnel/_index.md @@ -1,7 +1,7 @@ +++ tags = ['vunnel'] categories = ['release'] -title = "Vunnel Release Notes" +title = "Vunnel Release Notes" linkTitle = "Vunnel" url = "docs/releases/vunnel" description = "Anchore Vunnel Release Notes" diff --git a/content/docs/releases/vunnel/v0.1.0.md b/content/docs/releases/vunnel/v0.1.0.md index 5c352347..9a13c209 100644 --- a/content/docs/releases/vunnel/v0.1.0.md +++ b/content/docs/releases/vunnel/v0.1.0.md @@ -11,14 +11,14 @@ description = "Release notes for vunnel v0.1.0" Version [v0.1.0](https://github.com/anchore/vunnel/releases/tag/v0.1.0) -## [v0.1.0](https://github.com/anchore/vunnel/tree/v0.1.0) (2023-01-10) - -[Full Changelog](https://github.com/anchore/vunnel/compare/v0.0.0...v0.1.0) - -## Added Features - -- Port remaining feed drivers from enterprise [[Issue #3](https://github.com/anchore/vunnel/issues/3)] - -## Bug Fixes - +## [v0.1.0](https://github.com/anchore/vunnel/tree/v0.1.0) (2023-01-10) + +[Full Changelog](https://github.com/anchore/vunnel/compare/v0.0.0...v0.1.0) + +## Added Features + +- Port remaining feed drivers from enterprise [[Issue #3](https://github.com/anchore/vunnel/issues/3)] + +## Bug Fixes + - NVD provider taking a long time even when results are cached [[Issue #9](https://github.com/anchore/vunnel/issues/9)] diff --git a/content/docs/releases/vunnel/v0.1.1.md b/content/docs/releases/vunnel/v0.1.1.md index 95a26bfd..da7eaf3e 100644 
--- a/content/docs/releases/vunnel/v0.1.1.md +++ b/content/docs/releases/vunnel/v0.1.1.md @@ -11,6 +11,6 @@ description = "Release notes for vunnel v0.1.1" Version [v0.1.1](https://github.com/anchore/vunnel/releases/tag/v0.1.1) -## [v0.1.1](https://github.com/anchore/vunnel/tree/v0.1.1) (2023-01-10) - +## [v0.1.1](https://github.com/anchore/vunnel/tree/v0.1.1) (2023-01-10) + [Full Changelog](https://github.com/anchore/vunnel/compare/v0.1.0...v0.1.1) diff --git a/content/docs/releases/vunnel/v0.1.2.md b/content/docs/releases/vunnel/v0.1.2.md index d76880ff..5a87de9b 100644 --- a/content/docs/releases/vunnel/v0.1.2.md +++ b/content/docs/releases/vunnel/v0.1.2.md @@ -11,10 +11,10 @@ description = "Release notes for vunnel v0.1.2" Version [v0.1.2](https://github.com/anchore/vunnel/releases/tag/v0.1.2) -## [v0.1.2](https://github.com/anchore/vunnel/tree/v0.1.2) (2023-01-11) - -[Full Changelog](https://github.com/anchore/vunnel/compare/v0.1.1...v0.1.2) - -## Bug Fixes - +## [v0.1.2](https://github.com/anchore/vunnel/tree/v0.1.2) (2023-01-11) + +[Full Changelog](https://github.com/anchore/vunnel/compare/v0.1.1...v0.1.2) + +## Bug Fixes + - fix: adds missing oval modularity parsing [[PR #36](https://github.com/anchore/vunnel/pull/36)] [[westonsteimel](https://github.com/westonsteimel)] diff --git a/content/docs/releases/vunnel/v0.1.3.md b/content/docs/releases/vunnel/v0.1.3.md index e6041136..e9435a93 100644 --- a/content/docs/releases/vunnel/v0.1.3.md +++ b/content/docs/releases/vunnel/v0.1.3.md 
@@ -11,11 +11,11 @@ description = "Release notes for vunnel v0.1.3" Version [v0.1.3](https://github.com/anchore/vunnel/releases/tag/v0.1.3) -## [v0.1.3](https://github.com/anchore/vunnel/tree/v0.1.3) (2023-01-12) - -[Full Changelog](https://github.com/anchore/vunnel/compare/v0.1.2...v0.1.3) - -## Bug Fixes - -- Fix NVD provider to not wipe out existing results on incremental update [[PR #38](https://github.com/anchore/vunnel/pull/38)] [[wagoodman](https://github.com/wagoodman)] +## [v0.1.3](https://github.com/anchore/vunnel/tree/v0.1.3) (2023-01-12) + +[Full Changelog](https://github.com/anchore/vunnel/compare/v0.1.2...v0.1.3) + +## Bug Fixes + +- Fix NVD provider to not wipe out existing results on incremental update [[PR #38](https://github.com/anchore/vunnel/pull/38)] [[wagoodman](https://github.com/wagoodman)] - fix: re-enable --follow on ubuntu provider [[PR #40](https://github.com/anchore/vunnel/pull/40)] [[westonsteimel](https://github.com/westonsteimel)] diff --git a/content/docs/releases/vunnel/v0.1.4.md b/content/docs/releases/vunnel/v0.1.4.md index caf23b51..babb667f 100644 --- a/content/docs/releases/vunnel/v0.1.4.md +++ b/content/docs/releases/vunnel/v0.1.4.md @@ -11,6 +11,6 @@ description = "Release notes for vunnel v0.1.4" Version [v0.1.4](https://github.com/anchore/vunnel/releases/tag/v0.1.4) -## [v0.1.4](https://github.com/anchore/vunnel/tree/v0.1.4) (2023-01-13) - +## [v0.1.4](https://github.com/anchore/vunnel/tree/v0.1.4) (2023-01-13) + [Full Changelog](https://github.com/anchore/vunnel/compare/v0.1.3...v0.1.4) diff --git a/content/docs/releases/vunnel/v0.12.1.md b/content/docs/releases/vunnel/v0.12.1.md index 1a7c01f4..03ac3fd0 100644 --- a/content/docs/releases/vunnel/v0.12.1.md +++ b/content/docs/releases/vunnel/v0.12.1.md 
@@ -11,7 +11,8 @@ description = "Release notes for vunnel v0.12.1" Version [v0.12.1](https://github.com/anchore/vunnel/releases/tag/v0.12.1) -**Full Changelog**: https://github.com/anchore/vunnel/compare/v0.12.0...v0.12.1 - -## Bug Fixes -* fix: handle more ubuntu git repo errors by [@westonsteimel](https://github.com/westonsteimel) in https://github.com/anchore/vunnel/pull/214 +**Full Changelog**: https://github.com/anchore/vunnel/compare/v0.12.0...v0.12.1 + +## Bug Fixes + +- fix: handle more ubuntu git repo errors by [@westonsteimel](https://github.com/westonsteimel) in https://github.com/anchore/vunnel/pull/214 diff --git a/content/docs/releases/vunnel/v0.15.3.md b/content/docs/releases/vunnel/v0.15.3.md index 7a26d328..d1da006c 100644 --- a/content/docs/releases/vunnel/v0.15.3.md +++ b/content/docs/releases/vunnel/v0.15.3.md @@ -11,10 +11,11 @@ description = "Release notes for vunnel v0.15.3" Version [v0.15.3](https://github.com/anchore/vunnel/releases/tag/v0.15.3) -## [v0.15.3](https://github.com/anchore/vunnel/tree/v0.15.3) (2023-08-29) - -[Full Changelog](https://github.com/anchore/vunnel/compare/v0.15.2...v0.15.3) - -## Bug Fixes -- rhel: never filter out-of-support rhel entries [[PR #270](https://github.com/anchore/vunnel/pull/270)] [[westonsteimel](https://github.com/westonsteimel)] +## [v0.15.3](https://github.com/anchore/vunnel/tree/v0.15.3) (2023-08-29) + +[Full Changelog](https://github.com/anchore/vunnel/compare/v0.15.2...v0.15.3) + +## Bug Fixes + +- rhel: never filter out-of-support rhel entries [[PR #270](https://github.com/anchore/vunnel/pull/270)] [[westonsteimel](https://github.com/westonsteimel)] - rhel: handle cases where a vulnerability transitions to not-affected [[Issue #252](https://github.com/anchore/vunnel/issues/252)] [[PR #253](https://github.com/anchore/vunnel/pull/253)] [[westonsteimel](https://github.com/westonsteimel)] 
diff --git a/content/docs/releases/vunnel/v0.16.0.md b/content/docs/releases/vunnel/v0.16.0.md index 45c57e5e..0f49cfae 100644 --- a/content/docs/releases/vunnel/v0.16.0.md +++ b/content/docs/releases/vunnel/v0.16.0.md @@ -11,10 +11,10 @@ description = "Release notes for vunnel v0.16.0" Version [v0.16.0](https://github.com/anchore/vunnel/releases/tag/v0.16.0) -## [v0.16.0](https://github.com/anchore/vunnel/tree/v0.16.0) (2023-09-20) - -## Added Features - -- Add description to amazon provider [[PR #278](https://github.com/anchore/vunnel/pull/278)] [[tomersein](https://github.com/tomersein)] - +## [v0.16.0](https://github.com/anchore/vunnel/tree/v0.16.0) (2023-09-20) + +## Added Features + +- Add description to amazon provider [[PR #278](https://github.com/anchore/vunnel/pull/278)] [[tomersein](https://github.com/tomersein)] + [Full Changelog](https://github.com/anchore/vunnel/compare/v0.15.3...v0.16.0) diff --git a/content/docs/releases/vunnel/v0.17.5.md b/content/docs/releases/vunnel/v0.17.5.md index b3507c14..9a09ee95 100644 --- a/content/docs/releases/vunnel/v0.17.5.md +++ b/content/docs/releases/vunnel/v0.17.5.md 
@@ -11,15 +11,15 @@ description = "Release notes for vunnel v0.17.5" Version [v0.17.5](https://github.com/anchore/vunnel/releases/tag/v0.17.5) -## Bug Fixes - -- respect GitHub rate limiting [[#377](https://github.com/anchore/vunnel/pull/377) [@willmurphyscode](https://github.com/willmurphyscode)] - -## Additional Changes - -- introduce http get wrapper; use it in mariner provider [#376 - [@willmurphyscode](https://github.com/willmurphyscode)] -- Move nightly quality gate to be roughly after the latest DB build [[#381](https://github.com/anchore/vunnel/pull/381) [@wagoodman](https://github.com/wagoodman)] -- Only ask for release on quality gate step [[#378](https://github.com/anchore/vunnel/pull/378) [@wagoodman](https://github.com/wagoodman)] - +## Bug Fixes + +- respect GitHub rate limiting [[#377](https://github.com/anchore/vunnel/pull/377) [@willmurphyscode](https://github.com/willmurphyscode)] + +## Additional Changes + +- introduce http get wrapper; use it in mariner provider [#376 + [@willmurphyscode](https://github.com/willmurphyscode)] +- Move nightly quality gate to be roughly after the latest DB build [[#381](https://github.com/anchore/vunnel/pull/381) [@wagoodman](https://github.com/wagoodman)] +- Only ask for release on quality gate step [[#378](https://github.com/anchore/vunnel/pull/378) [@wagoodman](https://github.com/wagoodman)] + **[(Full Changelog)](https://github.com/anchore/vunnel/compare/v0.17.4...v0.17.5)** diff --git a/content/docs/releases/vunnel/v0.18.2.md b/content/docs/releases/vunnel/v0.18.2.md index bfe09124..80515add 100644 --- a/content/docs/releases/vunnel/v0.18.2.md +++ b/content/docs/releases/vunnel/v0.18.2.md 
@@ -11,11 +11,12 @@ description = "Release notes for vunnel v0.18.2" Version [v0.18.2](https://github.com/anchore/vunnel/releases/tag/v0.18.2) -## Bug Fixes - -- update vulnerability urls [[#451](https://github.com/anchore/vunnel/pull/451) [@westonsteimel](https://github.com/westonsteimel)] - -## Additional changes -- hard-code severity for debian CVE-2023-44487 to inherit NVD severity [[#448](https://github.com/anchore/vunnel/pull/448) [@willmurphyscode](https://github.com/willmurphyscode)] - +## Bug Fixes + +- update vulnerability urls [[#451](https://github.com/anchore/vunnel/pull/451) [@westonsteimel](https://github.com/westonsteimel)] + +## Additional changes + +- hard-code severity for debian CVE-2023-44487 to inherit NVD severity [[#448](https://github.com/anchore/vunnel/pull/448) [@willmurphyscode](https://github.com/willmurphyscode)] + **[(Full Changelog)](https://github.com/anchore/vunnel/compare/v0.18.1...v0.18.2)** diff --git a/content/docs/releases/vunnel/v0.18.3.md b/content/docs/releases/vunnel/v0.18.3.md index 80d002a9..5977a29f 100644 --- a/content/docs/releases/vunnel/v0.18.3.md +++ b/content/docs/releases/vunnel/v0.18.3.md @@ -11,10 +11,10 @@ description = "Release notes for vunnel v0.18.3" Version [v0.18.3](https://github.com/anchore/vunnel/releases/tag/v0.18.3) -## Additional Changes - -- disable auto merging of dependabot PRs [[#456](https://github.com/anchore/vunnel/pull/456) [@westonsteimel](https://github.com/westonsteimel)] -- Bump urllib3 from 2.0.5 to 2.0.7 (#454) -- Bump jinja2 from 3.1.2 to 3.1.3 (#455) - +## Additional Changes + +- disable auto merging of dependabot PRs [[#456](https://github.com/anchore/vunnel/pull/456) [@westonsteimel](https://github.com/westonsteimel)] +- Bump urllib3 from 2.0.5 to 2.0.7 (#454) +- Bump jinja2 from 3.1.2 to 3.1.3 (#455) + **[(Full Changelog)](https://github.com/anchore/vunnel/compare/v0.18.2...v0.18.3)** 
diff --git a/content/docs/releases/vunnel/v0.18.5.md b/content/docs/releases/vunnel/v0.18.5.md index 0d4ea845..898e6433 100644 --- a/content/docs/releases/vunnel/v0.18.5.md +++ b/content/docs/releases/vunnel/v0.18.5.md @@ -11,8 +11,8 @@ description = "Release notes for vunnel v0.18.5" Version [v0.18.5](https://github.com/anchore/vunnel/releases/tag/v0.18.5) -## Bug Fixes - -- improve the ubuntu provider to emit vuln rows for out of support entries [[#477](https://github.com/anchore/vunnel/pull/477) [@westonsteimel](https://github.com/westonsteimel)] - +## Bug Fixes + +- improve the ubuntu provider to emit vuln rows for out of support entries [[#477](https://github.com/anchore/vunnel/pull/477) [@westonsteimel](https://github.com/westonsteimel)] + **[(Full Changelog)](https://github.com/anchore/vunnel/compare/v0.18.4...v0.18.5)** diff --git a/content/docs/releases/vunnel/v0.2.0.md b/content/docs/releases/vunnel/v0.2.0.md index 9c065dab..60ecd7b8 100644 --- a/content/docs/releases/vunnel/v0.2.0.md +++ b/content/docs/releases/vunnel/v0.2.0.md 
@@ -11,16 +11,16 @@ description = "Release notes for vunnel v0.2.0" Version [v0.2.0](https://github.com/anchore/vunnel/releases/tag/v0.2.0) -## [v0.2.0](https://github.com/anchore/vunnel/tree/v0.2.0) (2023-01-17) - -[Full Changelog](https://github.com/anchore/vunnel/compare/v0.1.4...v0.2.0) - -## Added Features - -- Status command does not read records from DB [[PR #42](https://github.com/anchore/vunnel/pull/42)] [[wagoodman](https://github.com/wagoodman)] -- feat: refactor ubuntu driver to eliminate git follow [[PR #44](https://github.com/anchore/vunnel/pull/44)] [[westonsteimel](https://github.com/westonsteimel)] - -## Bug Fixes - -- fix: only use --follow for non-active CVEs in ubuntu provider [[PR #41](https://github.com/anchore/vunnel/pull/41)] [[westonsteimel](https://github.com/westonsteimel)] +## [v0.2.0](https://github.com/anchore/vunnel/tree/v0.2.0) (2023-01-17) + +[Full Changelog](https://github.com/anchore/vunnel/compare/v0.1.4...v0.2.0) + +## Added Features + +- Status command does not read records from DB [[PR #42](https://github.com/anchore/vunnel/pull/42)] [[wagoodman](https://github.com/wagoodman)] +- feat: refactor ubuntu driver to eliminate git follow [[PR #44](https://github.com/anchore/vunnel/pull/44)] [[westonsteimel](https://github.com/westonsteimel)] + +## Bug Fixes + +- fix: only use --follow for non-active CVEs in ubuntu provider [[PR #41](https://github.com/anchore/vunnel/pull/41)] [[westonsteimel](https://github.com/westonsteimel)] - vunnel config command should not show python types [[PR #45](https://github.com/anchore/vunnel/pull/45)] [[wagoodman](https://github.com/wagoodman)] diff --git a/content/docs/releases/vunnel/v0.3.0.md b/content/docs/releases/vunnel/v0.3.0.md index ca4c34bf..08431ea9 100644 --- a/content/docs/releases/vunnel/v0.3.0.md +++ b/content/docs/releases/vunnel/v0.3.0.md 
@@ -11,16 +11,16 @@ description = "Release notes for vunnel v0.3.0" Version [v0.3.0](https://github.com/anchore/vunnel/releases/tag/v0.3.0) -## [v0.3.0](https://github.com/anchore/vunnel/tree/v0.3.0) (2023-01-30) - -[Full Changelog](https://github.com/anchore/vunnel/compare/v0.2.0...v0.3.0) - -## Added Features - -- ubuntu provider git url should be configurable [[Issue #48](https://github.com/anchore/vunnel/issues/48)] - -## Bug Fixes - -- vunnel config command should not show python types [[PR #45](https://github.com/anchore/vunnel/pull/45)] [[wagoodman](https://github.com/wagoodman)] -- fix: consider non-exact renames as modifications [[PR #46](https://github.com/anchore/vunnel/pull/46)] [[westonsteimel](https://github.com/westonsteimel)] +## [v0.3.0](https://github.com/anchore/vunnel/tree/v0.3.0) (2023-01-30) + +[Full Changelog](https://github.com/anchore/vunnel/compare/v0.2.0...v0.3.0) + +## Added Features + +- ubuntu provider git url should be configurable [[Issue #48](https://github.com/anchore/vunnel/issues/48)] + +## Bug Fixes + +- vunnel config command should not show python types [[PR #45](https://github.com/anchore/vunnel/pull/45)] [[wagoodman](https://github.com/wagoodman)] +- fix: consider non-exact renames as modifications [[PR #46](https://github.com/anchore/vunnel/pull/46)] [[westonsteimel](https://github.com/westonsteimel)] - fix: make compatible with python 3.9 [[PR #47](https://github.com/anchore/vunnel/pull/47)] [[westonsteimel](https://github.com/westonsteimel)] diff --git a/content/docs/releases/vunnel/v0.3.1.md b/content/docs/releases/vunnel/v0.3.1.md index bbda280f..45d89bf0 100644 --- a/content/docs/releases/vunnel/v0.3.1.md +++ b/content/docs/releases/vunnel/v0.3.1.md 
@@ -11,10 +11,10 @@ description = "Release notes for vunnel v0.3.1" Version [v0.3.1](https://github.com/anchore/vunnel/releases/tag/v0.3.1) -## [v0.3.1](https://github.com/anchore/vunnel/tree/v0.3.1) (2023-01-30) - -[Full Changelog](https://github.com/anchore/vunnel/compare/v0.3.0...v0.3.1) - -## Bug Fixes - +## [v0.3.1](https://github.com/anchore/vunnel/tree/v0.3.1) (2023-01-30) + +[Full Changelog](https://github.com/anchore/vunnel/compare/v0.3.0...v0.3.1) + +## Bug Fixes + - fix: ensure git reset before pull in ubuntu provider [[PR #52](https://github.com/anchore/vunnel/pull/52)] [[westonsteimel](https://github.com/westonsteimel)] diff --git a/content/docs/releases/vunnel/v0.3.2.md b/content/docs/releases/vunnel/v0.3.2.md index 14027205..ad297b2d 100644 --- a/content/docs/releases/vunnel/v0.3.2.md +++ b/content/docs/releases/vunnel/v0.3.2.md @@ -11,8 +11,8 @@ description = "Release notes for vunnel v0.3.2" Version [v0.3.2](https://github.com/anchore/vunnel/releases/tag/v0.3.2) -## [v0.3.2](https://github.com/anchore/vunnel/tree/v0.3.2) (2023-01-30) - -[Full Changelog](https://github.com/anchore/vunnel/compare/v0.3.1...v0.3.2) - +## [v0.3.2](https://github.com/anchore/vunnel/tree/v0.3.2) (2023-01-30) + +[Full Changelog](https://github.com/anchore/vunnel/compare/v0.3.1...v0.3.2) + • fix: remove flawed skip_if_exists logic [[PR #53](https://github.com/anchore/vunnel/pull/53)] [[westonsteimel](https://github.com/westonsteimel)] diff --git a/content/docs/releases/vunnel/v0.7.0.md b/content/docs/releases/vunnel/v0.7.0.md index 3f378488..799ac080 100644 --- a/content/docs/releases/vunnel/v0.7.0.md +++ b/content/docs/releases/vunnel/v0.7.0.md 
@@ -11,10 +11,10 @@ description = "Release notes for vunnel v0.7.0" Version [v0.7.0](https://github.com/anchore/vunnel/releases/tag/v0.7.0) -## [v0.7.0](https://github.com/anchore/vunnel/tree/v0.7.0) (2023-03-21) - -[Full Changelog](https://github.com/anchore/vunnel/compare/v0.6.0...v0.7.0) - -## Added Features - +## [v0.7.0](https://github.com/anchore/vunnel/tree/v0.7.0) (2023-03-21) + +[Full Changelog](https://github.com/anchore/vunnel/compare/v0.6.0...v0.7.0) + +## Added Features + - Add version flag [[PR #119](https://github.com/anchore/vunnel/pull/119)] [[wagoodman](https://github.com/wagoodman)] diff --git a/content/docs/releases/vunnel/v0.8.1.md b/content/docs/releases/vunnel/v0.8.1.md index 94cf6be8..a0a26472 100644 --- a/content/docs/releases/vunnel/v0.8.1.md +++ b/content/docs/releases/vunnel/v0.8.1.md 
@@ -11,14 +11,15 @@ description = "Release notes for vunnel v0.8.1" Version [v0.8.1](https://github.com/anchore/vunnel/releases/tag/v0.8.1) -## [v0.8.1](https://github.com/anchore/vunnel/tree/v0.8.1) (2023-03-28) - -[Full Changelog](https://github.com/anchore/vunnel/compare/v0.8.0...v0.8.1) - -## Features - -- Added provider for Chainguard Linux [[PR #132 ](https://github.com/anchore/vunnel/pull/132)][[luhring](https://github.com/luhring)] -## Additional Changes - -- Fix grype-db install within quality gate [[PR #135](https://github.com/anchore/vunnel/pull/135)] [[wagoodman](https://github.com/wagoodman)] +## [v0.8.1](https://github.com/anchore/vunnel/tree/v0.8.1) (2023-03-28) + +[Full Changelog](https://github.com/anchore/vunnel/compare/v0.8.0...v0.8.1) + +## Features + +- Added provider for Chainguard Linux [[PR #132 ](https://github.com/anchore/vunnel/pull/132)][[luhring](https://github.com/luhring)] + +## Additional Changes + +- Fix grype-db install within quality gate [[PR #135](https://github.com/anchore/vunnel/pull/135)] [[wagoodman](https://github.com/wagoodman)] - feat: expose function for provider->version map [[PR #136](https://github.com/anchore/vunnel/pull/136)] [[westonsteimel](https://github.com/westonsteimel)] diff --git a/data/adopters.json b/data/adopters.json index 8ac28abb..8a29dc6a 100644 --- a/data/adopters.json +++ b/data/adopters.json @@ -5,16 +5,16 @@ "url": "https://github.com/docker" }, { - "org": "SAP", + "org": "SAP", "img": "https://avatars.githubusercontent.com/u/2531208?s=400&v=4", "url": "https://github.com/SAP" }, { "org": "Grafana", - "img": "https://avatars.githubusercontent.com/u/7195757?s=400&v=4", + "img": "https://avatars.githubusercontent.com/u/7195757?s=400&v=4", "url": "https://github.com/grafana" }, - { + { "org": "OpenTelemetry", "img": "https://avatars.githubusercontent.com/u/49998002?s=400&v=4", "url": "https://github.com/open-telemetry" 
diff --git a/layouts/_partials/navbar.html b/layouts/_partials/navbar.html index efab3259..9edef333 100644 --- a/layouts/_partials/navbar.html +++ b/layouts/_partials/navbar.html @@ -64,4 +64,4 @@ - \ No newline at end of file + diff --git a/layouts/docs/baseof.html b/layouts/docs/baseof.html index 27686b65..a9d2931f 100644 --- a/layouts/docs/baseof.html +++ b/layouts/docs/baseof.html @@ -43,4 +43,4 @@ {{ partial "scripts.html" . }} - \ No newline at end of file + diff --git a/layouts/shortcodes/adopters-list.html b/layouts/shortcodes/adopters-list.html index cb8371dd..b4a11451 100644 --- a/layouts/shortcodes/adopters-list.html +++ b/layouts/shortcodes/adopters-list.html @@ -18,4 +18,4 @@
{{ .org }}
{{ else }}

No adopters data found. Check your data file.

-{{ end }} \ No newline at end of file +{{ end }} diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 00000000..d3b59440 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,67 @@ +[project] +name = "oss-doc-scripts" +version = "0.1.0" +description = "Helper scripts for generating documentation" +readme = "README.md" +requires-python = ">=3.12" +dependencies = ["requests>=2.32.5"] + +[tool.setuptools] +packages = [] # no Python packages to install - this is a Hugo site with helper scripts + +[tool.pytest.ini_options] +pythonpath = ["scripts"] + +[dependency-groups] +dev = [ + "pre-commit>=4.3.0", + "pyrefly>=0.29.0", + "pytest>=8.4.1", + "pytest-snapshot>=0.9.0", + "pytest-sugar>=1.0.0", + "ruff>=0.12.7", + "ty>=0.0.1a18", +] + +[tool.ruff] +line-length = 88 +target-version = "py311" +cache-dir = ".cache/ruff" + +[tool.ruff.lint] +select = [ + "E", # pycodestyle errors + "W", # pycodestyle warnings + "F", # pyflakes + "I", # isort + "B", # flake8-bugbear + "C4", # flake8-comprehensions + "UP", # pyupgrade +] +ignore = [ + "E501", # line too long, handled by black + "B008", # do not perform function calls in argument defaults + "C901", # too complex +] + +[tool.ruff.lint.per-file-ignores] +"__init__.py" = ["F401"] + +[tool.mypy] +python_version = "3.11" +warn_return_any = true +warn_unused_configs = true +disallow_untyped_defs = true +disallow_incomplete_defs = true +check_untyped_defs = true +disallow_untyped_decorators = true +implicit_optional = true +warn_redundant_casts = true +warn_unused_ignores = true +warn_no_return = true +warn_unreachable = true +strict_equality = true + +[tool.ty] + +[tool.pyrefly] diff --git a/scripts/.gitignore b/scripts/.gitignore deleted file mode 100644 index 0544abe3..00000000 --- a/scripts/.gitignore +++ /dev/null @@ -1 +0,0 @@ -crawler/ \ No newline at end of file diff --git a/scripts/README.md b/scripts/README.md index 656966be..e63bb6da 100644 --- a/scripts/README.md +++ b/scripts/README.md 
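Review bot: The new `pyproject.toml` declares `requires-python = ">=3.12"` but configures its tooling for 3.11 (`target-version = "py311"` under `[tool.ruff]`, `python_version = "3.11"` under `[tool.mypy]`), and the bootstrap action earlier in this patch defaults `python-version` to `"3.11"`, so installing this project in that default environment may be refused by the version constraint. Pick one floor and use it everywhere, e.g. `target-version = "py312"` and `python_version = "3.12"` together with the action default, or relax the constraint to `requires-python = ">=3.11"`. Separately, `requests>=2.32.5` and every entry in the `dev` group are lower bounds only, and no lock file is visible in this part of the patch. If none is committed, the docs-generation workflow resolves whatever is newest at run time, so a committed lock file or a hash-checked install would make those runs reproducible and narrow the supply-chain exposure. The `E501` comment says "handled by black" and there is a `[tool.mypy]` table, yet neither black nor mypy appears in the `dev` group, so either add the tools or drop the comment and table.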
@@ -15,14 +15,14 @@ pip install requests packaging `generate-release-notes.sh` - a helper script around `release-to-hugo.py` that pulls release notes for all our open source repos. -e.g. +e.g. `scripts/generate-release-notes.sh` -`github-releases-to-hugo.py` - generate release notes in Hugo format, from the ones in the repos. Also generates a truncated `_index.md` which Run once per repo specifying the Anchore repo name, the output directory, and weight. +`github-releases-to-hugo.py` - generate release notes in Hugo format, from the ones in the repos. Also generates a truncated `_index.md` which Run once per repo specifying the Anchore repo name, the output directory, and weight. `--weight` controls the position of the item in the releases menu, with lower numbers at the top. I have put them in the order, syft (10), grype (20), grant (30), grype-db (40), vunnel (50), sbom-action (60), scan-action (70), stereoscope (80) (see `generate-release-notes.sh`, above). It won't generate a release notes file if one already exists. To re-generate them all, just delete all the `content/oss/releases/v*.md` files, and run again. -e.g. +e.g. `python scripts/github-releases-to-hugo.py --repo syft --output-dir content/oss/releases/syft --weight 10` diff --git a/scripts/generate-adopters-info.sh b/scripts/generate-adopters-info.sh index 56606036..eca4a7a3 100755 --- a/scripts/generate-adopters-info.sh +++ b/scripts/generate-adopters-info.sh @@ -1,6 +1,6 @@ #!/bin/bash -# This script generates a markdown file in content/community/adopters.md +# This script generates a markdown file in content/community/adopters.md # with the list of GitHub orgs/repositories that consume on a given OSS project. # It uses the `github-dependents-info` python tool to gather this information. 
@@ -28,7 +28,7 @@ if [ ! -d ".venv" ]; then fi # Activate the virtual environment -if ! source .venv/bin/activate; then +if ! source .venv/bin/activate; then echo "Failed to activate the virtual environment. Exiting." exit 1 fi @@ -78,7 +78,7 @@ cat << EOF >> "$tmpadoptersfile" More organisations below are all adopters of our tools, in public GitHub repositories. -{{% cardpane %}} +{{% cardpane %}} {{% card title="Syft" %}} EOF @@ -97,7 +97,7 @@ cat << EOF >> "$tmpadoptersfile" {{% /card %}} {{% /cardpane %}} -{{% cardpane %}} +{{% cardpane %}} {{% card title="SBOM Action" %}} EOF @@ -130,8 +130,8 @@ mv "$tmpadoptersfile" content/about/adopters.md # fi # # Commit the changes -# if ! git commit -m "Update adopters page with latest data"; then +# if ! git commit -m "Update adopters page with latest data"; then # echo "Failed to commit changes. Exiting." # exit 1 # fi -# echo "All adopters info has been generated and committed!" \ No newline at end of file +# echo "All adopters info has been generated and committed!" diff --git a/scripts/generate-reference-cli-docs.py b/scripts/generate-reference-cli-docs.py deleted file mode 100755 index 59ebf515..00000000 --- a/scripts/generate-reference-cli-docs.py +++ /dev/null 
@@ -1,188 +0,0 @@ -#!/usr/bin/env python3 -""" -Generate command reference documentation from container images. -Supports Cobra-based CLIs (like Syft and Grype). -""" -import subprocess -import sys -import os -import argparse -from collections import deque - - -def run_docker_command(image, cmd_parts, timeout=10): - """Run a command inside a Docker container.""" - docker_cmd = ['docker', 'run', '--rm', image] + cmd_parts - try: - result = subprocess.run(docker_cmd, - capture_output=True, text=True, timeout=timeout) - return result.stdout, result.stderr, result.returncode - except subprocess.TimeoutExpired: - return "", "Command timed out", 1 - except Exception as e: - return "", str(e), 1 - - -def get_version_info(image, app_name): - """Get version information from the app.""" - stdout, stderr, returncode = run_docker_command(image, ['version']) - if returncode == 0: - return stdout.strip() - raise RuntimeError(f"Failed to retrieve version info from the image '{image}'.") - - -def get_subcommands(image, cmd_parts): - """Extract subcommands from help output.""" - stdout, stderr, returncode = run_docker_command(image, cmd_parts + ['help']) - - if returncode != 0: - return [] - - lines = stdout.split('\n') - in_commands_section = False - commands = [] - - for line in lines: - if 'Available Commands:' in line: - in_commands_section = True - continue - elif in_commands_section: - if line.startswith(' ') and line.strip(): - cmd = line.strip().split()[0] - if cmd not in ['help', 'completion', 'version']: - commands.append(cmd) - elif line.strip() == '' or not line.startswith(' '): - break - - return commands - - -def get_command_help(image, cmd_parts): - """Get help output for a specific command.""" - print(" ...Getting help output for command:", ' '.join(cmd_parts) if cmd_parts else '(main help)') - - # Try both 'help' and '--help' patterns - for help_flag in ['help', '--help']: - if help_flag == 'help': - full_cmd = cmd_parts + [help_flag] - else: - full_cmd = cmd_parts 
+ [help_flag] - - stdout, stderr, returncode = run_docker_command(image, full_cmd) - if returncode == 0 and stdout.strip(): - return stdout.strip() - - raise RuntimeError(f"Failed to retrieve help for command: {' '.join(cmd_parts)}") - - -def discover_all_commands(image, app_name): - """Discover all commands recursively.""" - queue = deque([([], [])]) # Start with empty cmd_parts since container runs tool directly - all_commands = [] - - while queue: - cmd_parts, path = queue.popleft() - - # Record current command path - if path: - all_commands.append(path.copy()) - - # Get subcommands - subcommands = get_subcommands(image, cmd_parts) - - # Add subcommands to queue - for subcmd in subcommands: - new_cmd_parts = cmd_parts + [subcmd] - new_path = path + [subcmd] - queue.append((new_cmd_parts, new_path)) - - return all_commands - - -def generate_markdown_content(image, app_name, tool_name): - """Generate the complete markdown content.""" - # Prepare tool name for display - tool_display = tool_name.title() - - # Generate front matter - content = f"""+++ -title = "{tool_display} Command Line Reference" -linkTitle = "{tool_display} CLI" -weight = 20 -tags = ['{tool_name.lower()}'] -categories = ['reference'] -url = "docs/reference/commands/{tool_name.lower()}" -+++ - -""" - - # Add version information - version_info = get_version_info(image, app_name) - content += f"### `{app_name} version`\n\n```\n{version_info}\n```\n\n" - - # Add main help - main_help = get_command_help(image, []) # Empty cmd_parts for main help - content += f"### `{app_name} help`\n\n```\n{main_help}\n```\n\n" - - # Discover and add all subcommands - commands = discover_all_commands(image, app_name) - - # Sort commands to ensure consistent output - commands.sort() - - for cmd_path in commands: - cmd_string = ' '.join(cmd_path) - - help_output = get_command_help(image, cmd_path) # Use cmd_path directly since container runs tool directly - content += f"### `{app_name} 
{cmd_string}`\n\n```\n{help_output}\n```\n\n" - - return content - - -def main(): - parser = argparse.ArgumentParser(description='Generate command reference documentation') - parser.add_argument('image', help='Container image (e.g., anchore/syft:latest)') - parser.add_argument('--output', '-o', required=True, help='Output markdown file path') - parser.add_argument('--tool-name', help='Tool name for documentation (auto-detected if not provided)') - parser.add_argument('--app-name', help='App binary name (auto-detected if not provided)') - parser.add_argument('--mock', action='store_true', help='Generate mock documentation for testing') - - args = parser.parse_args() - - # Auto-detect tool and app names if not provided - if not args.tool_name: - # Extract tool name from image name (e.g., anchore/syft:latest -> syft) - image_parts = args.image.split('/') - if len(image_parts) > 1: - tool_part = image_parts[-1].split(':')[0] - else: - tool_part = args.image.split(':')[0] - args.tool_name = tool_part - - if not args.app_name: - args.app_name = args.tool_name - - print(f"Generating CLI docs for {args.tool_name} using image {args.image}...") - - # Create output directory if it doesn't exist - output_dir = os.path.dirname(args.output) - if output_dir and not os.path.exists(output_dir): - os.makedirs(output_dir, exist_ok=True) - - # Generate markdown content - try: - content = generate_markdown_content(args.image, args.app_name, args.tool_name) - - # Write to file - with open(args.output, 'w', encoding='utf-8') as f: - f.write(content) - - print(f"CLI docs generated successfully: {args.output}") - - except Exception as e: - print(f"Error generating documentation: {e}", file=sys.stderr) - sys.exit(1) - - -if __name__ == "__main__": - main() \ No newline at end of file diff --git a/scripts/generate-release-notes.sh b/scripts/generate-release-notes.sh index cfcbf104..6b9e002c 100755 --- a/scripts/generate-release-notes.sh +++ b/scripts/generate-release-notes.sh 
@@ -20,23 +20,23 @@ BASE_OUTPUT_DIR="content/docs/releases" for repo_info in "${REPOS[@]}"; do # Split the repo_info string by colon IFS=':' read -r repo_name weight output_subdir <<< "$repo_info" - + # Construct the output directory output_dir="${BASE_OUTPUT_DIR}/${output_subdir}" - + echo "Processing ${repo_name} with weight ${weight}..." - + # Call the Python script with the appropriate arguments python scripts/release-to-hugo.py --repo "$repo_name" --output-dir "$output_dir" --weight "$weight" - + # Check if the previous command was successful if [ $? -eq 0 ]; then echo "✅ Successfully generated release notes for ${repo_name}" else echo "❌ Failed to generate release notes for ${repo_name}" fi - + echo "-----------------------------------" done -echo "All release notes have been generated!" \ No newline at end of file +echo "All release notes have been generated!" diff --git a/scripts/generate_reference_cli_docs.py b/scripts/generate_reference_cli_docs.py new file mode 100755 index 00000000..84c51e8b --- /dev/null +++ b/scripts/generate_reference_cli_docs.py 
@@ -0,0 +1,357 @@ +#!/usr/bin/env python3 +""" +Generate command reference documentation from container images. +Supports Cobra-based CLIs (like Syft and Grype). +""" + +import argparse +import os +import subprocess +import sys +from collections import deque + + +def main() -> None: + parser = argparse.ArgumentParser( + description="Generate command reference documentation" + ) + parser.add_argument("image", help="Container image (e.g., anchore/syft:latest)") + parser.add_argument( + "--output", "-o", required=True, help="Output markdown file path" + ) + parser.add_argument( + "--tool-name", + help="Tool name for documentation (auto-detected if not provided)", + ) + parser.add_argument( + "--app-name", help="App binary name (auto-detected if not provided)" + ) + parser.add_argument( + "--include-all-cmds", + action="store_true", + help="Include all commands including parent commands that have subcommands (default: only leaf commands)", + ) + parser.add_argument( + "--include-cmd", + action="append", + help="Include specific commands even if they are parent commands (can be used multiple times)", + ) + + args = parser.parse_args() + + # Auto-detect tool and app names if not provided + if not args.tool_name: + # Extract tool name from image name (e.g., anchore/syft:latest -> syft) + image_parts = args.image.split("/") + if len(image_parts) > 1: + tool_part = image_parts[-1].split(":")[0] + else: + tool_part = args.image.split(":")[0] + args.tool_name = tool_part + + if not args.app_name: + args.app_name = args.tool_name + + print(f"Generating CLI docs for {args.tool_name} using image {args.image}...") + + # Create output directory if it doesn't exist + output_dir = os.path.dirname(args.output) + if output_dir and not os.path.exists(output_dir): + os.makedirs(output_dir, exist_ok=True) + + # Generate markdown content + try: + content = generate_markdown_content( + args.image, + args.app_name, + args.tool_name, + args.include_all_cmds, + args.include_cmd, + ) + + # 
Write to file + with open(args.output, "w", encoding="utf-8") as f: + f.write(content) + + print(f"CLI docs generated successfully: {args.output}") + + except Exception as e: + print(f"Error generating documentation: {e}", file=sys.stderr) + sys.exit(1) + + +def generate_markdown_content( + image, + app_name, + tool_name, + include_all_cmds: bool = False, + include_specific_cmds=None, +) -> str: + """Generate the complete markdown content.""" + # Prepare tool name for display + tool_display = tool_name.title() + + # Generate front matter + content = f"""+++ +title = "{tool_display} Command Line Reference" +linkTitle = "{tool_display} CLI" +weight = 20 +tags = ['{tool_name.lower()}'] +categories = ['reference'] +url = "docs/reference/commands/{tool_name.lower()}" ++++ + +""" + + # Add version info block at the top + version_info = get_version_info(image, app_name) + # Extract just the version line for the info block + version_lines = version_info.split("\n") + app_version = "unknown" + for line in version_lines: + if line.startswith("Version:") or line.startswith("version:"): + app_version = line.split(":", 1)[1].strip() + break + elif line.startswith(f"{tool_display}:") or line.startswith(f"{tool_name}:"): + app_version = line.split(":", 1)[1].strip() + break + elif "version" in line.lower() and ":" in line: + parts = line.split(":", 1) + if len(parts) == 2: + app_version = parts[1].strip() + break + + content += f"""{{{{< alert title="Note" >}}}} +This documentation was generated from {tool_display} version `{app_version}`. 
+{{{{< /alert >}}}} + +""" + + # Add main help at the top without header (entire output in code block) + main_help = get_command_help(image, []) # Empty cmd_parts for main help + content += f"```\n{main_help}\n```\n\n" + + # Discover and add all subcommands + all_commands, leaf_commands = discover_all_commands(image, app_name) + + # Choose which commands to include based on flags + if include_all_cmds: + # Include all commands + commands = all_commands + else: + # Start with leaf commands + commands = leaf_commands.copy() + + # Add any specifically requested commands + if include_specific_cmds: + for specific_cmd in include_specific_cmds: + # Parse the specific command into a list (e.g., "db search" -> ["db", "search"]) + cmd_parts = specific_cmd.strip().split() + + # Check if this command exists in all_commands + for cmd_path in all_commands: + if cmd_path == cmd_parts and cmd_path not in commands: + commands.append(cmd_path) + + # Sort commands to ensure consistent output + commands.sort() + + for cmd_path in commands: + cmd_string = " ".join(cmd_path) + + help_output = get_command_help( + image, cmd_path + ) # Use cmd_path directly since container runs tool directly + description, command_details = split_help_output( + help_output, is_main_help=False + ) + + content += f"### `{app_name} {cmd_string}`\n\n" + if description: + content += f"{description}\n\n" + content += f"```\n{command_details}\n```\n\n" + + return content + + +def discover_all_commands(image, app_name): + """Discover all commands recursively. 
+ + Returns a tuple of (all_commands, leaf_commands) where: + - all_commands: list of all command paths + - leaf_commands: list of command paths that have no subcommands (leaf nodes) + """ + queue = deque( + [([], [])] + ) # Start with empty cmd_parts since container runs tool directly + all_commands = [] + commands_with_subcommands = set() + + while queue: + cmd_parts, path = queue.popleft() + + # Record current command path + if path: + all_commands.append(path.copy()) + + # Get subcommands + subcommands = get_subcommands(image, cmd_parts) + + # If this command has subcommands, mark it as a parent + if subcommands and path: + commands_with_subcommands.add(tuple(path)) + + # Add subcommands to queue + for subcmd in subcommands: + new_cmd_parts = cmd_parts + [subcmd] + new_path = path + [subcmd] + queue.append((new_cmd_parts, new_path)) + + # Determine leaf commands (commands that are not in commands_with_subcommands) + leaf_commands = [ + cmd for cmd in all_commands if tuple(cmd) not in commands_with_subcommands + ] + + return all_commands, leaf_commands + + +def get_subcommands(image, cmd_parts): + """Extract subcommands from help output.""" + stdout, stderr, returncode = run_docker_command(image, cmd_parts + ["help"]) + + if returncode != 0: + return [] + + lines = stdout.split("\n") + in_commands_section = False + commands = [] + + for line in lines: + if "Available Commands:" in line: + in_commands_section = True + continue + elif in_commands_section: + if line.startswith(" ") and line.strip(): + cmd = line.strip().split()[0] + if cmd not in ["help", "completion"]: + commands.append(cmd) + elif line.strip() == "" or not line.startswith(" "): + break + + return commands + + +def get_version_info(image, app_name) -> str: + """Get version information from the app.""" + stdout, stderr, returncode = run_docker_command(image, ["version"]) + if returncode == 0: + return stdout.strip() + raise RuntimeError(f"Failed to retrieve version info from the image '{image}'.") 
+ + +def get_command_help(image, cmd_parts) -> str: + """Get help output for a specific command.""" + print( + " ...Getting help output for command:", + " ".join(cmd_parts) if cmd_parts else "(main help)", + ) + + for help_flag in ["--help"]: + if help_flag == "help": + full_cmd = cmd_parts + [help_flag] + else: + full_cmd = cmd_parts + [help_flag] + + stdout, stderr, returncode = run_docker_command(image, full_cmd) + if returncode == 0 and stdout.strip(): + return stdout.strip() + + raise RuntimeError(f"Failed to retrieve help for command: {' '.join(cmd_parts)}") + + +def split_help_output(help_output: str, is_main_help=False) -> tuple[str, str]: + """Split help output into description and command details. + + Returns a tuple of (description, command_details). + Description contains text before 'Usage:' line. + Command details contain everything from 'Usage:' onwards. + For non-main help, truncates content after 'Global Flags:'. + """ + lines = help_output.split("\n") + description_lines = [] + usage_index = -1 + + # Find the "Usage:" line and collect description lines preserving paragraph breaks + for i, line in enumerate(lines): + if line.startswith("Usage:"): + usage_index = i + break + # Collect all lines before Usage: (including empty lines for paragraph breaks) + description_lines.append(line.rstrip()) + + if usage_index == -1: + # No Usage: found, return full output as command details with empty description + return "", help_output + + # Process description lines to create proper markdown paragraphs + if description_lines: + # Remove trailing empty lines + while description_lines and not description_lines[-1].strip(): + description_lines.pop() + + # Treat each non-empty line as a separate paragraph for proper markdown formatting + description_parts = [] + + for line in description_lines: + if line.strip(): + description_parts.append(line.strip()) + + # Join paragraphs with double newlines for proper markdown + description = "\n\n".join(description_parts) + 
+ if description: + # Capitalize the first letter + description = ( + description[0].upper() + description[1:] + if len(description) > 1 + else description.upper() + ) + # Ensure it ends with a period + if not description.endswith("."): + description += "." + else: + description = "" + + # Get everything from Usage: onwards + command_details_lines = lines[usage_index:] + + # For non-main help, truncate before "Global Flags:" + if not is_main_help: + truncated_lines = [] + for line in command_details_lines: + if line.strip().startswith("Global Flags:"): + break + truncated_lines.append(line) + command_details_lines = truncated_lines + + command_details = "\n".join(command_details_lines) + + return description, command_details + + +def run_docker_command(image, cmd_parts: list[str], timeout=10) -> tuple[str, str, int]: + """Run a command inside a Docker container.""" + docker_cmd = ["docker", "run", "--rm", image] + cmd_parts + try: + result = subprocess.run( + docker_cmd, capture_output=True, text=True, timeout=timeout + ) + return result.stdout, result.stderr, result.returncode + except subprocess.TimeoutExpired: + return "", "Command timed out", 1 + except Exception as e: + return "", str(e), 1 + + +if __name__ == "__main__": + main() diff --git a/scripts/generate-reference-config-docs.py b/scripts/generate_reference_config_docs.py similarity index 60% rename from scripts/generate-reference-config-docs.py rename to scripts/generate_reference_config_docs.py index cedfb3b7..c55b85f0 100755 --- a/scripts/generate-reference-config-docs.py +++ b/scripts/generate_reference_config_docs.py 
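Review bot: `run_docker_command` starts the image with Docker's default settings, although every call in this script only prints help or version text that is then written into committed docs. If those subcommands need neither network access nor extra capabilities (worth confirming for `version`), the command could be `docker_cmd = ["docker", "run", "--rm", "--network", "none", "--cap-drop", "ALL", image] + cmd_parts`. The same helper is repeated in scripts/generate_reference_config_docs.py. Separately, `get_subcommands` turns any timeout or non-zero exit into `[]`, so a slow image pull inside the 10-second limit would silently drop a command subtree from the reference instead of failing the run; raising there, or at least printing `stderr`, would make a truncated page visible.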
@@ -3,34 +3,69 @@ Generate configuration documentation from container images. Supports tools that have a 'config' subcommand (like Syft and Grype). """ + +import argparse +import os import subprocess import sys -import os -import argparse -def run_docker_command(image, cmd_parts, timeout=10): - """Run a command inside a Docker container.""" - docker_cmd = ['docker', 'run', '--rm', image] + cmd_parts +def main() -> None: + parser = argparse.ArgumentParser( + description="Generate configuration reference documentation" + ) + parser.add_argument("image", help="Container image (e.g., anchore/syft:latest)") + parser.add_argument( + "--output", "-o", required=True, help="Output markdown file path" + ) + parser.add_argument( + "--tool-name", + help="Tool name for documentation (auto-detected if not provided)", + ) + parser.add_argument( + "--app-name", help="App binary name (auto-detected if not provided)" + ) + + args = parser.parse_args() + + # Auto-detect tool and app names if not provided + if not args.tool_name: + # Extract tool name from image name (e.g., anchore/syft:latest -> syft) + image_parts = args.image.split("/") + if len(image_parts) > 1: + tool_part = image_parts[-1].split(":")[0] + else: + tool_part = args.image.split(":")[0] + args.tool_name = tool_part + + if not args.app_name: + args.app_name = args.tool_name + + print( + f"Generating configuration docs for {args.tool_name} using image {args.image}..." 
+ ) + + # Create output directory if it doesn't exist + output_dir = os.path.dirname(args.output) + if output_dir and not os.path.exists(output_dir): + os.makedirs(output_dir, exist_ok=True) + + # Generate markdown content try: - result = subprocess.run(docker_cmd, - capture_output=True, text=True, timeout=timeout) - return result.stdout, result.stderr, result.returncode - except subprocess.TimeoutExpired: - return "", "Command timed out", 1 - except Exception as e: - return "", str(e), 1 + content = generate_markdown_content(args.image, args.app_name, args.tool_name) + # Write to file + with open(args.output, "w", encoding="utf-8") as f: + f.write(content) -def get_config_output(image): - """Get configuration output from the app.""" - stdout, stderr, returncode = run_docker_command(image, ['config']) - if returncode == 0: - return stdout.strip() - return None + print(f"Configuration docs generated successfully: {args.output}") + + except Exception as e: + print(f"Error generating configuration documentation: {e}", file=sys.stderr) + sys.exit(1) -def generate_markdown_content(image, app_name, tool_name): +def generate_markdown_content(image, app_name, tool_name) -> str: """Generate the complete markdown content for config documentation.""" # Prepare tool name for display tool_display = tool_name.title() 
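Review bot: The tool-name auto-detection in `main` strips only a `:tag`, so a digest-pinned reference such as `anchore/syft@sha256:<digest>` would yield the name `syft@sha256`, and the CLI script writes that name into the page title and `url` front matter. Splitting on `@` first keeps pinned images usable without `--tool-name`: `tool_part = image_parts[-1].split("@")[0].split(":")[0]`, with the same change in the `else` branch. The identical block appears in `main` of scripts/generate_reference_cli_docs.py.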
@@ -53,54 +88,34 @@ def generate_markdown_content(image, app_name, tool_name): if config_output: content += f"```yaml\n{config_output}\n```\n\n" else: - raise RuntimeError(f"Failed to retrieve configuration from the image '{image}'.") + raise RuntimeError( + f"Failed to retrieve configuration from the image '{image}'." + ) return content -def main(): - parser = argparse.ArgumentParser(description='Generate configuration reference documentation') - parser.add_argument('image', help='Container image (e.g., anchore/syft:latest)') - parser.add_argument('--output', '-o', required=True, help='Output markdown file path') - parser.add_argument('--tool-name', help='Tool name for documentation (auto-detected if not provided)') - parser.add_argument('--app-name', help='App binary name (auto-detected if not provided)') - - args = parser.parse_args() - - # Auto-detect tool and app names if not provided - if not args.tool_name: - # Extract tool name from image name (e.g., anchore/syft:latest -> syft) - image_parts = args.image.split('/') - if len(image_parts) > 1: - tool_part = image_parts[-1].split(':')[0] - else: - tool_part = args.image.split(':')[0] - args.tool_name = tool_part - - if not args.app_name: - args.app_name = args.tool_name +def get_config_output(image) -> str | None: + """Get configuration output from the app.""" + stdout, stderr, returncode = run_docker_command(image, ["config"]) + if returncode == 0: + return stdout.strip() + return None - print(f"Generating configuration docs for {args.tool_name} using image {args.image}...") - # Create output directory if it doesn't exist - output_dir = os.path.dirname(args.output) - if output_dir and not os.path.exists(output_dir): - os.makedirs(output_dir, exist_ok=True) - - # Generate markdown content +def run_docker_command(image, cmd_parts: list[str], timeout=10) -> tuple[str, str, int]: + """Run a command inside a Docker container.""" + docker_cmd = ["docker", "run", "--rm", image] + cmd_parts try: - content = 
generate_markdown_content(args.image, args.app_name, args.tool_name) - - # Write to file - with open(args.output, 'w', encoding='utf-8') as f: - f.write(content) - - print(f"Configuration docs generated successfully: {args.output}") - + result = subprocess.run( + docker_cmd, capture_output=True, text=True, timeout=timeout + ) + return result.stdout, result.stderr, result.returncode + except subprocess.TimeoutExpired: + return "", "Command timed out", 1 except Exception as e: - print(f"Error generating configuration documentation: {e}", file=sys.stderr) - sys.exit(1) + return "", str(e), 1 if __name__ == "__main__": - main() \ No newline at end of file + main() diff --git a/scripts/release-to-hugo.py b/scripts/release-to-hugo.py index c5d7aeb7..792ef888 100644 --- a/scripts/release-to-hugo.py +++ b/scripts/release-to-hugo.py 
@@ -7,58 +7,61 @@ and converting GitHub usernames to links. """ -import os -import requests -from datetime import datetime import argparse +import os import re +from datetime import datetime + +import requests # GitHub API configuration HEADERS = {"Accept": "application/vnd.github.v3+json"} -def fetch_releases(repo, token=None, limit=None): + +def fetch_releases(repo: str, token=None, limit=None): """Fetch releases from GitHub API for the given repository""" if token: HEADERS["Authorization"] = f"token {token}" - + all_releases = [] page = 1 per_page = 100 base_url = f"https://api.github.com/repos/{repo}/releases" - + while True: response = requests.get( - f"{base_url}?page={page}&per_page={per_page}", - headers=HEADERS + f"{base_url}?page={page}&per_page={per_page}", headers=HEADERS ) response.raise_for_status() releases = response.json() - + if not releases: break - + all_releases.extend(releases) - + if limit and len(all_releases) >= limit: all_releases = all_releases[:limit] break - + page += 1 - + return all_releases -def link_github_users(text): + +def link_github_users(text: str) -> str: """Replace @username with [@username](https://github.com/username), but only if not already a link""" - return re.sub(r'(? str: """Generate Hugo markdown content for a release with minimal processing""" # Format release date - release_date = datetime.strptime(release['published_at'], "%Y-%m-%dT%H:%M:%SZ") + release_date = datetime.strptime(release["published_at"], "%Y-%m-%dT%H:%M:%SZ") formatted_date = release_date.strftime("%Y-%m-%dT%H:%M:%SZ") # Extract version number - version = release['tag_name'] + version = release["tag_name"] # Create the Hugo front matter content = f"""+++ 
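Review bot: The `requests.get` call in `fetch_releases` has no `timeout`, so a stalled connection to the GitHub API blocks the release-notes job until the runner is killed; passing `headers=HEADERS, timeout=30` bounds each page request. `fetch_releases` also writes the token into the module-level `HEADERS` dict, so the credential stays in shared state after the call returns. Building a per-call copy, `headers = {**HEADERS, "Authorization": f"token {token}"}`, avoids that.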
@@ -72,28 +75,39 @@ def generate_hugo_content(release, repo_name): ## Release Notes -Version [{version}]({release['html_url']}) +Version [{version}]({release["html_url"]}) """ # Add the release body with minimal processing - body = release['body'] if release['body'] else "" + body = release["body"] if release["body"] else "" # Clean up the body text # Remove any ref to 'Release Notes:' or '# Release Notes:' since we add that ourselves - body = re.sub(r'^#+\s*Release Notes:.*?\n', '', body, flags=re.IGNORECASE | re.MULTILINE) + body = re.sub( + r"^#+\s*Release Notes:.*?\n", "", body, flags=re.IGNORECASE | re.MULTILINE + ) # Remove duplicate version headings (h1) since version is already in front matter title - body = re.sub(r'^#+\s*' + re.escape(version) + r'\s*\n', '', body, flags=re.MULTILINE) + body = re.sub( + r"^#+\s*" + re.escape(version) + r"\s*\n", "", body, flags=re.MULTILINE + ) # Remove "Changelog" headings (any level) with following newlines - body = re.sub(r'^#+\s*Changelog\s*\n+', '', body, flags=re.IGNORECASE | re.MULTILINE) + body = re.sub( + r"^#+\s*Changelog\s*\n+", "", body, flags=re.IGNORECASE | re.MULTILINE + ) # Remove auto-generated changelog footers - body = re.sub(r'\n*\\\?\*\s*\*?This\s+Changelog.*generated.*\*.*$', '', body, flags=re.IGNORECASE | re.MULTILINE) + body = re.sub( + r"\n*\\\?\*\s*\*?This\s+Changelog.*generated.*\*.*$", + "", + body, + flags=re.IGNORECASE | re.MULTILINE, + ) # Convert h3 headings to h2 to fix heading increment issues (h1 in title -> h2 next) - body = re.sub(r'^### ', '## ', body, flags=re.MULTILINE) + body = re.sub(r"^### ", "## ", body, flags=re.MULTILINE) # Link GitHub usernames body = link_github_users(body) 
@@ -103,13 +117,29 @@ def generate_hugo_content(release, repo_name): return content -def main(): - parser = argparse.ArgumentParser(description='Generate Hugo markdown files from GitHub releases with minimal processing') - parser.add_argument('--repo', required=True, help='Repository name (e.g., syft, grype). Always uses anchore/') - parser.add_argument('--token', help='GitHub API token for authentication') - parser.add_argument('--output-dir', required=True, help='Directory to save the Hugo markdown files') - parser.add_argument('--limit', type=int, help='Limit the number of releases to process') - parser.add_argument('--weight', type=int, default=10, help='Weight for the _index.md front matter (default: 10)') + +def main() -> None: + parser = argparse.ArgumentParser( + description="Generate Hugo markdown files from GitHub releases with minimal processing" + ) + parser.add_argument( + "--repo", + required=True, + help="Repository name (e.g., syft, grype). Always uses anchore/", + ) + parser.add_argument("--token", help="GitHub API token for authentication") + parser.add_argument( + "--output-dir", required=True, help="Directory to save the Hugo markdown files" + ) + parser.add_argument( + "--limit", type=int, help="Limit the number of releases to process" + ) + parser.add_argument( + "--weight", + type=int, + default=10, + help="Weight for the _index.md front matter (default: 10)", + ) args = parser.parse_args() repo_name = args.repo @@ -125,7 +155,7 @@ def main(): # Process each release for release in releases: - if release.get('draft'): + if release.get("draft"): print(f"Skipping draft release: {release['tag_name']}") continue @@ -143,7 +173,7 @@ def main(): content = generate_hugo_content(release, repo_name) # Write the file - with open(filepath, 'w') as f: + with open(filepath, "w") as f: f.write(content) print(f"Created {filepath}") 
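Review bot: `--token` accepts the GitHub API token only as a command-line argument, where it is visible in process listings, shell history and any CI log that echoes the command. Reading it from the environment by default keeps the flag working for existing callers: `parser.add_argument("--token", default=os.environ.get("GITHUB_TOKEN"), help="GitHub API token (defaults to $GITHUB_TOKEN)")`. `main` continues outside this hunk.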
@@ -152,21 +182,29 @@ def main(): # List the most recent 10 releases (sorted by version tag, descending) try: from packaging.version import parse as parse_version - - release_tags = [release['tag_name'] for release in releases if not release.get('draft')] + + release_tags = [ + release["tag_name"] for release in releases if not release.get("draft") + ] # Only include releases that were not skipped due to existing file - release_tags = [tag for tag in release_tags if os.path.exists(os.path.join(args.output_dir, f"{tag}.md"))] + release_tags = [ + tag + for tag in release_tags + if os.path.exists(os.path.join(args.output_dir, f"{tag}.md")) + ] # Sort tags by semantic version (if possible), otherwise by string - release_tags_sorted = sorted(release_tags, key=lambda v: parse_version(v), reverse=True) + release_tags_sorted = sorted( + release_tags, key=lambda v: parse_version(v), reverse=True + ) latest_10 = release_tags_sorted[:10] - + # Compose _index.md front matter and list repo_tag = repo_name repo_title = repo_name.capitalize() index_md = f"""+++ tags = ['{repo_tag}'] categories = ['release'] -title = \"{repo_title} Release Notes\" +title = \"{repo_title} Release Notes\" linkTitle = \"{repo_title}\" url = \"docs/releases/{repo_name}\" description = \"Anchore {repo_title} Release Notes\" @@ -176,12 +214,15 @@ def main(): for tag in latest_10: index_md += f"- [{tag}](./{tag}/)\n" # Write _index.md - with open(os.path.join(args.output_dir, '_index.md'), 'w') as f: + with open(os.path.join(args.output_dir, "_index.md"), "w") as f: f.write(index_md) except ImportError: - print("Warning: packaging.version not available. Skipping _index.md generation.") + print( + "Warning: packaging.version not available. Skipping _index.md generation." + ) print("Done!") + if __name__ == "__main__": main() diff --git a/scripts/validate-hugo.sh b/scripts/validate-hugo.sh index 54b900b6..1c39a62d 100755 --- a/scripts/validate-hugo.sh +++ b/scripts/validate-hugo.sh 
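Review bot: The sort in `main` calls `parse_version` on every tag while the only handler (in the following hunk) is `except ImportError`, so a tag that is not a valid PEP 440 version raises `InvalidVersion` on current `packaging` releases and aborts the run, despite the comment promising a string fallback. A key function that falls back to the raw tag keeps version ordering for valid tags and tolerates the rest. The tag values come from the API response and are also joined into file paths here, so skipping tags that contain a path separator before building `f"{tag}.md"` would be a cheap additional check.

```python
        from packaging.version import InvalidVersion, parse as parse_version

        def _tag_sort_key(tag):
            # Valid versions sort above unparseable tags; the latter sort by string.
            try:
                return (1, parse_version(tag))
            except InvalidVersion:
                return (0, tag)

        # … unchanged: release_tags collection and existing-file filter …
        release_tags_sorted = sorted(release_tags, key=_tag_sort_key, reverse=True)
```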
@@ -101,4 +101,4 @@ if [ $ERRORS -eq 0 ]; then else error "$ERRORS validation errors found" exit 1 -fi \ No newline at end of file +fi diff --git a/static/images/logos/anchore-logo-inverted.svg b/static/images/logos/anchore-logo-inverted.svg index a3fd91a4..69b9cf26 100644 --- a/static/images/logos/anchore-logo-inverted.svg +++ b/static/images/logos/anchore-logo-inverted.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/static/images/logos/anchore-logo-minimal-inverted.svg b/static/images/logos/anchore-logo-minimal-inverted.svg index 87717d1b..713721a0 100644 --- a/static/images/logos/anchore-logo-minimal-inverted.svg +++ b/static/images/logos/anchore-logo-minimal-inverted.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/static/images/logos/anchore-logo.svg b/static/images/logos/anchore-logo.svg index 6b3ead47..5f4762c8 100644 --- a/static/images/logos/anchore-logo.svg +++ b/static/images/logos/anchore-logo.svg @@ -1 +1 @@ -Asset 1 \ No newline at end of file +Asset 1 diff --git a/tasks.d/generate.yaml b/tasks.d/generate.yaml index c9d2b7bb..5f2b7c80 100644 --- a/tasks.d/generate.yaml +++ b/tasks.d/generate.yaml 
@@ -1,18 +1,55 @@ version: '3' tasks: + + # Orchestration task to generate all reference documentation + reference: + desc: Generate all reference documentation (Syft + Grype, CLI + config) + deps: + - syft + - grype + + # Trigger GitHub Actions workflow to generate docs and create PR + reference:pr: + desc: Trigger GitHub Actions workflow to generate reference docs and create PR + cmds: + - | + echo "🚀 Triggering GitHub Actions workflow to generate reference docs..." + if gh workflow run update-reference-docs.yaml; then + echo "✅ Workflow triggered successfully!" + echo "📍 Check progress: gh run list --workflow=update-reference-docs.yaml" + echo "📍 Or visit: https://github.com/$(gh repo view --json owner,name -q '.owner.login + \"/\" + .name')/actions" + else + echo "❌ Failed to trigger workflow. Make sure:" + echo " 1. The workflow file is committed and pushed to the default branch" + echo " 2. You're authenticated with GitHub CLI (gh auth login)" + echo " 3. You have workflow dispatch permissions on this repository" + fi + + # release notes... + update-release-notes: + desc: Generate release notes for all projects + dir: scripts + cmds: + - ./generate-release-notes.sh + + # adopters pages... 
+ update-adopters: + desc: Update adopters information + dir: scripts + cmds: + - ./generate-adopters-info.sh + # Syft tasks syft:cli: desc: Generate Syft command line reference documentation - dir: scripts cmds: - - python3 generate-reference-cli-docs.py anchore/syft:latest --output ../content/docs/reference/commands/syft.md --tool-name syft + - uv run ./scripts/generate_reference_cli_docs.py anchore/syft:latest --output ./content/docs/reference/commands/syft.md --tool-name syft syft:config: desc: Generate Syft configuration reference documentation - dir: scripts cmds: - - python3 generate-reference-config-docs.py anchore/syft:latest --output ../content/docs/reference/commands/syft-config.md --tool-name syft + - uv run ./scripts/generate_reference_config_docs.py anchore/syft:latest --output ./content/docs/reference/commands/syft-config.md --tool-name syft syft: desc: Generate all Syft documentation (CLI + config) 
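Review bot: In `reference:pr` the `else` branch only echoes the failure hints, so the task exits 0 even when `gh workflow run` fails; ending that branch with `exit 1` lets callers and CI see the failure. Separately, `update-release-notes` sets `dir: scripts`, while the visible part of generate-release-notes.sh calls `python scripts/release-to-hugo.py` and writes under `content/docs/releases`, both relative to the repository root. Unless the script changes directory in lines not shown here, the task would look for `scripts/scripts/release-to-hugo.py`; dropping `dir: scripts` and running `./scripts/generate-release-notes.sh`, as the `syft:*` tasks now do, would keep the paths consistent.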
@@ -23,42 +60,16 @@ tasks: # Grype tasks grype:cli: desc: Generate Grype command line reference documentation - dir: scripts cmds: - - python3 generate-reference-cli-docs.py anchore/grype:latest --output ../content/docs/reference/commands/grype.md --tool-name grype + - uv run ./scripts/generate_reference_cli_docs.py anchore/grype:latest --output ./content/docs/reference/commands/grype.md --tool-name grype grype:config: desc: Generate Grype configuration reference documentation - dir: scripts cmds: - - python3 generate-reference-config-docs.py anchore/grype:latest --output ../content/docs/reference/commands/grype-config.md --tool-name grype + - uv run ./scripts/generate_reference_config_docs.py anchore/grype:latest --output ./content/docs/reference/commands/grype-config.md --tool-name grype grype: desc: Generate all Grype documentation (CLI + config) deps: - grype:cli - grype:config - - # Master task to generate all reference documentation - reference: - desc: Generate all reference documentation (Syft + Grype, CLI + config) - deps: - - syft - - grype - - # Trigger GitHub Actions workflow to generate docs and create PR - reference:pr: - desc: Trigger GitHub Actions workflow to generate reference docs and create PR - cmds: - - | - echo "🚀 Triggering GitHub Actions workflow to generate reference docs..." - if gh workflow run update-reference-docs.yaml; then - echo "✅ Workflow triggered successfully!" - echo "📍 Check progress: gh run list --workflow=update-reference-docs.yaml" - echo "📍 Or visit: https://github.com/$(gh repo view --json owner,name -q '.owner.login + \"/\" + .name')/actions" - else - echo "❌ Failed to trigger workflow. Make sure:" - echo " 1. The workflow file is committed and pushed to the default branch" - echo " 2. You're authenticated with GitHub CLI (gh auth login)" - echo " 3. You have workflow dispatch permissions on this repository" - fi diff --git a/tasks.d/hugo.yaml b/tasks.d/hugo.yaml new file mode 100644 index 00000000..c0ee1451 
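Review bot: `grype:cli` and `grype:config` (and the `syft:*` tasks in the previous hunk) run `anchore/...:latest`, a mutable tag, and the generator invokes `docker run` once per subcommand, so the image that is executed and the text committed to the docs are not tied to one fixed artifact. Lifting the reference into a Taskfile variable, for example `{{ .GRYPE_IMAGE }}` defaulting to `anchore/grype:latest` (the variable name is a suggestion), would let the workflow resolve the tag once and pass a digest-pinned reference to every invocation. Recording the resolved digest in the generated pull request would also make the docs traceable to the image they came from.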
--- /dev/null +++ b/tasks.d/hugo.yaml @@ -0,0 +1,75 @@ +version: '3' +vars: + TOOL_DIR: .tool + CACHE_DIR: .cache + + LYCHEE: '{{ .TOOL_DIR }}/lychee' + +env: + MAKEFLAGS: "--no-print-directory" + FORCE_COLOR: true + +tasks: + + default: + cmds: + - task: validate + + validate: + desc: Build and run all validations + cmds: + - task: build + - npm run validate + - task: test + + install: + desc: Install all development dependencies + cmds: + - npm install + - if [ "$CI" = "true" ]; then npm ci; fi + + build: + desc: Build Hugo site + sources: + - static/** + - content/** + - package.json + - package-lock.json + generates: + - public/** + - resources/** + cmds: + - npm run build + + dev: + desc: Start development environment with live reload + cmds: + - npm run dev + + lint: + desc: Run all linters + cmds: + - npm run lint + + lint-fix: + desc: Auto-fix linting issues where possible + cmds: + - npm run lint-fix + + test: + desc: Run all tests + cmds: + - task: links + + links: + desc: Check for broken links in the site + dir: '{{ .CACHE_DIR }}' + deps: + - build + cmds: + - '../{{ .LYCHEE }} -c ../.lychee.toml --root-dir "{{ .USER_WORKING_DIR }}/public" ../public --offline' + + clean: + desc: Clean build artifacts + cmds: + - npm run clean diff --git a/tasks.d/python.yaml b/tasks.d/python.yaml new file mode 100644 index 00000000..b247db68 --- /dev/null +++ b/tasks.d/python.yaml 
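Review bot: The `install` task runs `npm install` unconditionally and then `npm ci` when `CI` is true, so in CI the first step can rewrite `package-lock.json` instead of failing when it is out of sync with `package.json`, and the dependencies are installed twice. Making the two exclusive keeps CI on the locked dependency set: `- if [ "$CI" = "true" ]; then npm ci; else npm install; fi`. `FORCE_COLOR: true` is also an unquoted boolean used as an environment value; `FORCE_COLOR: "true"` avoids depending on how the task runner stringifies it.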
@@ -0,0 +1,55 @@
+
+version: "3"
+
+env:
+ MAKEFLAGS: "--no-print-directory"
+ FORCE_COLOR: true
+
+tasks:
+
+ default:
+ cmds:
+ - task: validate
+
+ validate:
+ desc: Run all validation tasks
+ cmds:
+ - task: test
+ - task: lint
+ - task: check-types
+
+ install:
+ desc: Install all development dependencies
+ cmds:
+ - uv sync --all-extras --dev
+
+ format:
+ desc: Format the code
+ cmds:
+ - uv run ruff format
+
+ lint:
+ desc: Run code linters
+ cmds:
+ - uv run ruff check scripts tests
+
+ lint-fix:
+ desc: Run code lint fixers
+ cmds:
+ - uv run ruff check scripts tests --fix
+ - uv run pyrefly infer scripts
+
+ test:
+ desc: Run all tests
+ cmds:
+ - task: unit
+
+ unit:
+ desc: Run unit tests
+ cmds:
+ - uv run pytest ./tests -vv --color=yes
+
+ check-types:
+ desc: Run ty type checking
+ cmds:
+ - uv run ty check scripts
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/conftest.py b/tests/conftest.py
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/fixtures/split_help_output/basic-help-with-description-and-usage.txt b/tests/fixtures/split_help_output/basic-help-with-description-and-usage.txt
new file mode 100644
index 00000000..79d7e666
--- /dev/null
+++ b/tests/fixtures/split_help_output/basic-help-with-description-and-usage.txt
@@ -0,0 +1,10 @@
+A vulnerability scanner for container images and filesystems
+
+Usage:
+ grype [IMAGE] [flags]
+
+Flags:
+ -h, --help help for grype
+
+Global Flags:
+ -v, --verbose verbose output
\ No newline at end of file
diff --git a/tests/fixtures/split_help_output/description-already-ends-with-period.txt b/tests/fixtures/split_help_output/description-already-ends-with-period.txt
new file mode 100644
index 00000000..e1afa8d4
--- /dev/null
+++ b/tests/fixtures/split_help_output/description-already-ends-with-period.txt
@@ -0,0 +1,4 @@
+This description already ends with a period.
+
+Usage:
+ tool command [flags]
\ No newline at end of file
diff --git a/tests/fixtures/split_help_output/description-with-lowercase-first-letter-gets-capitalized.txt b/tests/fixtures/split_help_output/description-with-lowercase-first-letter-gets-capitalized.txt new file mode 100644 index 00000000..d4b8e41b --- /dev/null +++ b/tests/fixtures/split_help_output/description-with-lowercase-first-letter-gets-capitalized.txt @@ -0,0 +1,4 @@ +display the version + +Usage: + tool version [flags] \ No newline at end of file diff --git a/tests/fixtures/split_help_output/description-with-multiple-empty-lines-between-paragraphs.txt b/tests/fixtures/split_help_output/description-with-multiple-empty-lines-between-paragraphs.txt new file mode 100644 index 00000000..48c6a5c4 --- /dev/null +++ b/tests/fixtures/split_help_output/description-with-multiple-empty-lines-between-paragraphs.txt @@ -0,0 +1,11 @@ +First paragraph + + +Second paragraph + + + +Third paragraph + +Usage: + tool command [flags] \ No newline at end of file diff --git a/tests/fixtures/split_help_output/description-with-only-whitespace-lines.txt b/tests/fixtures/split_help_output/description-with-only-whitespace-lines.txt new file mode 100644 index 00000000..c4e83659 --- /dev/null +++ b/tests/fixtures/split_help_output/description-with-only-whitespace-lines.txt @@ -0,0 +1,4 @@ + + +Usage: + tool command [flags] \ No newline at end of file diff --git a/tests/fixtures/split_help_output/description-with-trailing-empty-lines.txt b/tests/fixtures/split_help_output/description-with-trailing-empty-lines.txt new file mode 100644 index 00000000..658ed5a6 --- /dev/null +++ b/tests/fixtures/split_help_output/description-with-trailing-empty-lines.txt @@ -0,0 +1,5 @@ +Tool description + + +Usage: + tool command [flags] \ No newline at end of file diff --git a/tests/fixtures/split_help_output/empty-description.txt b/tests/fixtures/split_help_output/empty-description.txt new file mode 100644 index 00000000..801a48ff --- /dev/null 
+++ b/tests/fixtures/split_help_output/empty-description.txt @@ -0,0 +1,5 @@ +Usage: + tool command [flags] + +Flags: + -h, --help help \ No newline at end of file diff --git a/tests/fixtures/split_help_output/main-help-includes-global-flags.txt b/tests/fixtures/split_help_output/main-help-includes-global-flags.txt new file mode 100644 index 00000000..79d7e666 --- /dev/null +++ b/tests/fixtures/split_help_output/main-help-includes-global-flags.txt @@ -0,0 +1,10 @@ +A vulnerability scanner for container images and filesystems + +Usage: + grype [IMAGE] [flags] + +Flags: + -h, --help help for grype + +Global Flags: + -v, --verbose verbose output \ No newline at end of file diff --git a/tests/fixtures/split_help_output/multi-paragraph-description.txt b/tests/fixtures/split_help_output/multi-paragraph-description.txt new file mode 100644 index 00000000..696a768e --- /dev/null +++ b/tests/fixtures/split_help_output/multi-paragraph-description.txt @@ -0,0 +1,9 @@ +First paragraph of description + +Second paragraph with more details + +Usage: + tool command [flags] + +Flags: + -h, --help help \ No newline at end of file diff --git a/tests/fixtures/split_help_output/no-usage-line-found.txt b/tests/fixtures/split_help_output/no-usage-line-found.txt new file mode 100644 index 00000000..4934531e --- /dev/null +++ b/tests/fixtures/split_help_output/no-usage-line-found.txt @@ -0,0 +1,2 @@ +Some help text without a Usage: line +More help text \ No newline at end of file diff --git a/tests/fixtures/split_help_output/non-main-help-truncates-before-global-flags.txt b/tests/fixtures/split_help_output/non-main-help-truncates-before-global-flags.txt new file mode 100644 index 00000000..18e092e5 --- /dev/null +++ b/tests/fixtures/split_help_output/non-main-help-truncates-before-global-flags.txt @@ -0,0 +1,10 @@ +Description text + +Usage: + tool command [flags] + +Flags: + --local local flag + +Global Flags: + --global global flag \ No newline at end of file 
diff --git a/tests/fixtures/split_help_output/single-character-description.txt b/tests/fixtures/split_help_output/single-character-description.txt new file mode 100644 index 00000000..6b7ae416 --- /dev/null +++ b/tests/fixtures/split_help_output/single-character-description.txt @@ -0,0 +1,4 @@ +a + +Usage: + tool command [flags] \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/basic-help-with-description-and-usage-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/basic-help-with-description-and-usage-False/description.txt new file mode 100644 index 00000000..9fcfce03 --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/basic-help-with-description-and-usage-False/description.txt @@ -0,0 +1 @@ +A vulnerability scanner for container images and filesystems. \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/basic-help-with-description-and-usage-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/basic-help-with-description-and-usage-False/details.txt new file mode 100644 index 00000000..1e5e7cd9 --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/basic-help-with-description-and-usage-False/details.txt @@ -0,0 +1,5 @@ +Usage: + grype [IMAGE] [flags] + +Flags: + -h, --help help for grype diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-already-ends-with-period-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-already-ends-with-period-False/description.txt new file mode 100644 index 00000000..2b9fc487 --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-already-ends-with-period-False/description.txt 
@@ -0,0 +1 @@ +This description already ends with a period. \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-already-ends-with-period-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-already-ends-with-period-False/details.txt new file mode 100644 index 00000000..ce5006cb --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-already-ends-with-period-False/details.txt @@ -0,0 +1,2 @@ +Usage: + tool command [flags] \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-lowercase-first-letter-gets-capitalized-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-lowercase-first-letter-gets-capitalized-False/description.txt new file mode 100644 index 00000000..b5eced28 --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-lowercase-first-letter-gets-capitalized-False/description.txt @@ -0,0 +1 @@ +Display the version. \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-lowercase-first-letter-gets-capitalized-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-lowercase-first-letter-gets-capitalized-False/details.txt new file mode 100644 index 00000000..d2ab9a23 --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-lowercase-first-letter-gets-capitalized-False/details.txt @@ -0,0 +1,2 @@ +Usage: + tool version [flags] \ No newline at end of file 
diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-multiple-empty-lines-between-paragraphs-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-multiple-empty-lines-between-paragraphs-False/description.txt new file mode 100644 index 00000000..b1e62d97 --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-multiple-empty-lines-between-paragraphs-False/description.txt @@ -0,0 +1,5 @@ +First paragraph + +Second paragraph + +Third paragraph. \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-multiple-empty-lines-between-paragraphs-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-multiple-empty-lines-between-paragraphs-False/details.txt new file mode 100644 index 00000000..ce5006cb --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-multiple-empty-lines-between-paragraphs-False/details.txt @@ -0,0 +1,2 @@ +Usage: + tool command [flags] \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-only-whitespace-lines-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-only-whitespace-lines-False/description.txt new file mode 100644 index 00000000..e69de29b diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-only-whitespace-lines-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-only-whitespace-lines-False/details.txt new file mode 100644 index 00000000..ce5006cb --- /dev/null 
+++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-only-whitespace-lines-False/details.txt @@ -0,0 +1,2 @@ +Usage: + tool command [flags] \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-trailing-empty-lines-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-trailing-empty-lines-False/description.txt new file mode 100644 index 00000000..b9d31c6d --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-trailing-empty-lines-False/description.txt @@ -0,0 +1 @@ +Tool description. \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-trailing-empty-lines-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-trailing-empty-lines-False/details.txt new file mode 100644 index 00000000..ce5006cb --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/description-with-trailing-empty-lines-False/details.txt @@ -0,0 +1,2 @@ +Usage: + tool command [flags] \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/empty-description-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/empty-description-False/description.txt new file mode 100644 index 00000000..e69de29b diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/empty-description-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/empty-description-False/details.txt new file mode 100644 index 00000000..801a48ff --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/empty-description-False/details.txt 
@@ -0,0 +1,5 @@ +Usage: + tool command [flags] + +Flags: + -h, --help help \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/main-help-includes-global-flags-True/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/main-help-includes-global-flags-True/description.txt new file mode 100644 index 00000000..9fcfce03 --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/main-help-includes-global-flags-True/description.txt @@ -0,0 +1 @@ +A vulnerability scanner for container images and filesystems. \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/main-help-includes-global-flags-True/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/main-help-includes-global-flags-True/details.txt new file mode 100644 index 00000000..e7d3ec38 --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/main-help-includes-global-flags-True/details.txt @@ -0,0 +1,8 @@ +Usage: + grype [IMAGE] [flags] + +Flags: + -h, --help help for grype + +Global Flags: + -v, --verbose verbose output \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/multi-paragraph-description-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/multi-paragraph-description-False/description.txt new file mode 100644 index 00000000..23eafa3f --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/multi-paragraph-description-False/description.txt @@ -0,0 +1,3 @@ +First paragraph of description + +Second paragraph with more details. \ No newline at end of file 
diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/multi-paragraph-description-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/multi-paragraph-description-False/details.txt new file mode 100644 index 00000000..801a48ff --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/multi-paragraph-description-False/details.txt @@ -0,0 +1,5 @@ +Usage: + tool command [flags] + +Flags: + -h, --help help \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/no-usage-line-found-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/no-usage-line-found-False/description.txt new file mode 100644 index 00000000..e69de29b diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/no-usage-line-found-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/no-usage-line-found-False/details.txt new file mode 100644 index 00000000..4934531e --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/no-usage-line-found-False/details.txt @@ -0,0 +1,2 @@ +Some help text without a Usage: line +More help text \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/non-main-help-truncates-before-global-flags-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/non-main-help-truncates-before-global-flags-False/description.txt new file mode 100644 index 00000000..743cb73c --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/non-main-help-truncates-before-global-flags-False/description.txt @@ -0,0 +1 @@ +Description text. \ No newline at end of file 
diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/non-main-help-truncates-before-global-flags-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/non-main-help-truncates-before-global-flags-False/details.txt new file mode 100644 index 00000000..74a12bf4 --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/non-main-help-truncates-before-global-flags-False/details.txt @@ -0,0 +1,5 @@ +Usage: + tool command [flags] + +Flags: + --local local flag diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/single-character-description-False/description.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/single-character-description-False/description.txt new file mode 100644 index 00000000..74c526a5 --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/single-character-description-False/description.txt @@ -0,0 +1 @@ +A. \ No newline at end of file diff --git a/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/single-character-description-False/details.txt b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/single-character-description-False/details.txt new file mode 100644 index 00000000..ce5006cb --- /dev/null +++ b/tests/snapshots/test_generate_reference_cli_docs/test_split_help_output/single-character-description-False/details.txt @@ -0,0 +1,2 @@ +Usage: + tool command [flags] \ No newline at end of file diff --git a/tests/test_generate_reference_cli_docs.py b/tests/test_generate_reference_cli_docs.py new file mode 100644 index 00000000..b55550b6 --- /dev/null +++ b/tests/test_generate_reference_cli_docs.py 
@@ -0,0 +1,36 @@
+from pathlib import Path
+
+import pytest
+from generate_reference_cli_docs import split_help_output
+
+# fixtures directory containing test inputs
+FIXTURES_DIR = Path(__file__).parent / "fixtures" / "split_help_output"
+
+
+@pytest.mark.parametrize(
+ "test_case,is_main_help",
+ [
+ ("basic-help-with-description-and-usage", False),
+ ("main-help-includes-global-flags", True),
+ ("multi-paragraph-description", False),
+ ("description-already-ends-with-period", False),
+ ("description-with-trailing-empty-lines", False),
+ ("no-usage-line-found", False),
+ ("empty-description", False),
+ ("single-character-description", False),
+ ("description-with-only-whitespace-lines", False),
+ ("non-main-help-truncates-before-global-flags", False),
+ ("description-with-lowercase-first-letter-gets-capitalized", False),
+ ("description-with-multiple-empty-lines-between-paragraphs", False),
+ ],
+)
+def test_split_help_output(test_case: str, is_main_help: bool, snapshot) -> None:
+ # read input
+ help_input = (FIXTURES_DIR / f"{test_case}.txt").read_text()
+
+ # run function
+ description, details = split_help_output(help_input, is_main_help)
+
+ # assert against snapshots
+ snapshot.assert_match(description, "description.txt")
+ snapshot.assert_match(details, "details.txt")
diff --git a/uv.lock b/uv.lock
new file mode 100644
index 00000000..5ac78adc
--- /dev/null
+++ b/uv.lock
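Review bot: `read_text()` in `test_split_help_output` decodes the fixture with the platform's default encoding, so a fixture containing non-ASCII help text would be read differently on a runner with a non-UTF-8 locale; `help_input = (FIXTURES_DIR / f"{test_case}.txt").read_text(encoding="utf-8")` pins it. The parametrize list is also kept in sync with the fixtures directory by hand, so a fixture file added without a matching entry is never exercised; a short comment above the list saying so, `# every file in fixtures/split_help_output needs an entry here`, would help.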
@@ -0,0 +1,412 @@ +version = 1 +revision = 1 +requires-python = ">=3.12" + +[[package]] +name = "certifi" +version = "2025.8.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/dc/67/960ebe6bf230a96cda2e0abcf73af550ec4f090005363542f0765df162e0/certifi-2025.8.3.tar.gz", hash = "sha256:e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407", size = 162386 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e5/48/1549795ba7742c948d2ad169c1c8cdbae65bc450d6cd753d124b17c8cd32/certifi-2025.8.3-py3-none-any.whl", hash = "sha256:f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5", size = 161216 }, +] + +[[package]] +name = "cfgv" +version = "3.4.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/11/74/539e56497d9bd1d484fd863dd69cbbfa653cd2aa27abfe35653494d85e94/cfgv-3.4.0.tar.gz", hash = "sha256:e52591d4c5f5dead8e0f673fb16db7949d2cfb3f7da4582893288f0ded8fe560", size = 7114 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/c5/55/51844dd50c4fc7a33b653bfaba4c2456f06955289ca770a5dbd5fd267374/cfgv-3.4.0-py2.py3-none-any.whl", hash = "sha256:b7265b1f29fd3316bfcd2b330d63d024f2bfd8bcb8b0272f8e19a504856c48f9", size = 7249 }, +] + +[[package]] +name = "charset-normalizer" +version = "3.4.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/83/2d/5fd176ceb9b2fc619e63405525573493ca23441330fcdaee6bef9460e924/charset_normalizer-3.4.3.tar.gz", hash = "sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14", size = 122371 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e9/5e/14c94999e418d9b87682734589404a25854d5f5d0408df68bc15b6ff54bb/charset_normalizer-3.4.3-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:e28e334d3ff134e88989d90ba04b47d84382a828c061d0d1027b1b12a62b39b1", size = 205655 }, + { url = 
"https://files.pythonhosted.org/packages/7d/a8/c6ec5d389672521f644505a257f50544c074cf5fc292d5390331cd6fc9c3/charset_normalizer-3.4.3-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0cacf8f7297b0c4fcb74227692ca46b4a5852f8f4f24b3c766dd94a1075c4884", size = 146223 }, + { url = "https://files.pythonhosted.org/packages/fc/eb/a2ffb08547f4e1e5415fb69eb7db25932c52a52bed371429648db4d84fb1/charset_normalizer-3.4.3-cp312-cp312-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:c6fd51128a41297f5409deab284fecbe5305ebd7e5a1f959bee1c054622b7018", size = 159366 }, + { url = "https://files.pythonhosted.org/packages/82/10/0fd19f20c624b278dddaf83b8464dcddc2456cb4b02bb902a6da126b87a1/charset_normalizer-3.4.3-cp312-cp312-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:3cfb2aad70f2c6debfbcb717f23b7eb55febc0bb23dcffc0f076009da10c6392", size = 157104 }, + { url = "https://files.pythonhosted.org/packages/16/ab/0233c3231af734f5dfcf0844aa9582d5a1466c985bbed6cedab85af9bfe3/charset_normalizer-3.4.3-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:1606f4a55c0fd363d754049cdf400175ee96c992b1f8018b993941f221221c5f", size = 151830 }, + { url = "https://files.pythonhosted.org/packages/ae/02/e29e22b4e02839a0e4a06557b1999d0a47db3567e82989b5bb21f3fbbd9f/charset_normalizer-3.4.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:027b776c26d38b7f15b26a5da1044f376455fb3766df8fc38563b4efbc515154", size = 148854 }, + { url = "https://files.pythonhosted.org/packages/05/6b/e2539a0a4be302b481e8cafb5af8792da8093b486885a1ae4d15d452bcec/charset_normalizer-3.4.3-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:42e5088973e56e31e4fa58eb6bd709e42fc03799c11c42929592889a2e54c491", size = 160670 }, + { url = 
"https://files.pythonhosted.org/packages/31/e7/883ee5676a2ef217a40ce0bffcc3d0dfbf9e64cbcfbdf822c52981c3304b/charset_normalizer-3.4.3-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:cc34f233c9e71701040d772aa7490318673aa7164a0efe3172b2981218c26d93", size = 158501 }, + { url = "https://files.pythonhosted.org/packages/c1/35/6525b21aa0db614cf8b5792d232021dca3df7f90a1944db934efa5d20bb1/charset_normalizer-3.4.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:320e8e66157cc4e247d9ddca8e21f427efc7a04bbd0ac8a9faf56583fa543f9f", size = 153173 }, + { url = "https://files.pythonhosted.org/packages/50/ee/f4704bad8201de513fdc8aac1cabc87e38c5818c93857140e06e772b5892/charset_normalizer-3.4.3-cp312-cp312-win32.whl", hash = "sha256:fb6fecfd65564f208cbf0fba07f107fb661bcd1a7c389edbced3f7a493f70e37", size = 99822 }, + { url = "https://files.pythonhosted.org/packages/39/f5/3b3836ca6064d0992c58c7561c6b6eee1b3892e9665d650c803bd5614522/charset_normalizer-3.4.3-cp312-cp312-win_amd64.whl", hash = "sha256:86df271bf921c2ee3818f0522e9a5b8092ca2ad8b065ece5d7d9d0e9f4849bcc", size = 107543 }, + { url = "https://files.pythonhosted.org/packages/65/ca/2135ac97709b400c7654b4b764daf5c5567c2da45a30cdd20f9eefe2d658/charset_normalizer-3.4.3-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:14c2a87c65b351109f6abfc424cab3927b3bdece6f706e4d12faaf3d52ee5efe", size = 205326 }, + { url = "https://files.pythonhosted.org/packages/71/11/98a04c3c97dd34e49c7d247083af03645ca3730809a5509443f3c37f7c99/charset_normalizer-3.4.3-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:41d1fc408ff5fdfb910200ec0e74abc40387bccb3252f3f27c0676731df2b2c8", size = 146008 }, + { url = "https://files.pythonhosted.org/packages/60/f5/4659a4cb3c4ec146bec80c32d8bb16033752574c20b1252ee842a95d1a1e/charset_normalizer-3.4.3-cp313-cp313-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = 
"sha256:1bb60174149316da1c35fa5233681f7c0f9f514509b8e399ab70fea5f17e45c9", size = 159196 }, + { url = "https://files.pythonhosted.org/packages/86/9e/f552f7a00611f168b9a5865a1414179b2c6de8235a4fa40189f6f79a1753/charset_normalizer-3.4.3-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:30d006f98569de3459c2fc1f2acde170b7b2bd265dc1943e87e1a4efe1b67c31", size = 156819 }, + { url = "https://files.pythonhosted.org/packages/7e/95/42aa2156235cbc8fa61208aded06ef46111c4d3f0de233107b3f38631803/charset_normalizer-3.4.3-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:416175faf02e4b0810f1f38bcb54682878a4af94059a1cd63b8747244420801f", size = 151350 }, + { url = "https://files.pythonhosted.org/packages/c2/a9/3865b02c56f300a6f94fc631ef54f0a8a29da74fb45a773dfd3dcd380af7/charset_normalizer-3.4.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:6aab0f181c486f973bc7262a97f5aca3ee7e1437011ef0c2ec04b5a11d16c927", size = 148644 }, + { url = "https://files.pythonhosted.org/packages/77/d9/cbcf1a2a5c7d7856f11e7ac2d782aec12bdfea60d104e60e0aa1c97849dc/charset_normalizer-3.4.3-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:fdabf8315679312cfa71302f9bd509ded4f2f263fb5b765cf1433b39106c3cc9", size = 160468 }, + { url = "https://files.pythonhosted.org/packages/f6/42/6f45efee8697b89fda4d50580f292b8f7f9306cb2971d4b53f8914e4d890/charset_normalizer-3.4.3-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:bd28b817ea8c70215401f657edef3a8aa83c29d447fb0b622c35403780ba11d5", size = 158187 }, + { url = "https://files.pythonhosted.org/packages/70/99/f1c3bdcfaa9c45b3ce96f70b14f070411366fa19549c1d4832c935d8e2c3/charset_normalizer-3.4.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:18343b2d246dc6761a249ba1fb13f9ee9a2bcd95decc767319506056ea4ad4dc", size = 152699 }, + { url = 
"https://files.pythonhosted.org/packages/a3/ad/b0081f2f99a4b194bcbb1934ef3b12aa4d9702ced80a37026b7607c72e58/charset_normalizer-3.4.3-cp313-cp313-win32.whl", hash = "sha256:6fb70de56f1859a3f71261cbe41005f56a7842cc348d3aeb26237560bfa5e0ce", size = 99580 }, + { url = "https://files.pythonhosted.org/packages/9a/8f/ae790790c7b64f925e5c953b924aaa42a243fb778fed9e41f147b2a5715a/charset_normalizer-3.4.3-cp313-cp313-win_amd64.whl", hash = "sha256:cf1ebb7d78e1ad8ec2a8c4732c7be2e736f6e5123a4146c5b89c9d1f585f8cef", size = 107366 }, + { url = "https://files.pythonhosted.org/packages/8e/91/b5a06ad970ddc7a0e513112d40113e834638f4ca1120eb727a249fb2715e/charset_normalizer-3.4.3-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:3cd35b7e8aedeb9e34c41385fda4f73ba609e561faedfae0a9e75e44ac558a15", size = 204342 }, + { url = "https://files.pythonhosted.org/packages/ce/ec/1edc30a377f0a02689342f214455c3f6c2fbedd896a1d2f856c002fc3062/charset_normalizer-3.4.3-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:b89bc04de1d83006373429975f8ef9e7932534b8cc9ca582e4db7d20d91816db", size = 145995 }, + { url = "https://files.pythonhosted.org/packages/17/e5/5e67ab85e6d22b04641acb5399c8684f4d37caf7558a53859f0283a650e9/charset_normalizer-3.4.3-cp314-cp314-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:2001a39612b241dae17b4687898843f254f8748b796a2e16f1051a17078d991d", size = 158640 }, + { url = "https://files.pythonhosted.org/packages/f1/e5/38421987f6c697ee3722981289d554957c4be652f963d71c5e46a262e135/charset_normalizer-3.4.3-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:8dcfc373f888e4fb39a7bc57e93e3b845e7f462dacc008d9749568b1c4ece096", size = 156636 }, + { url = 
"https://files.pythonhosted.org/packages/a0/e4/5a075de8daa3ec0745a9a3b54467e0c2967daaaf2cec04c845f73493e9a1/charset_normalizer-3.4.3-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:18b97b8404387b96cdbd30ad660f6407799126d26a39ca65729162fd810a99aa", size = 150939 }, + { url = "https://files.pythonhosted.org/packages/02/f7/3611b32318b30974131db62b4043f335861d4d9b49adc6d57c1149cc49d4/charset_normalizer-3.4.3-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:ccf600859c183d70eb47e05a44cd80a4ce77394d1ac0f79dbd2dd90a69a3a049", size = 148580 }, + { url = "https://files.pythonhosted.org/packages/7e/61/19b36f4bd67f2793ab6a99b979b4e4f3d8fc754cbdffb805335df4337126/charset_normalizer-3.4.3-cp314-cp314-musllinux_1_2_ppc64le.whl", hash = "sha256:53cd68b185d98dde4ad8990e56a58dea83a4162161b1ea9272e5c9182ce415e0", size = 159870 }, + { url = "https://files.pythonhosted.org/packages/06/57/84722eefdd338c04cf3030ada66889298eaedf3e7a30a624201e0cbe424a/charset_normalizer-3.4.3-cp314-cp314-musllinux_1_2_s390x.whl", hash = "sha256:30a96e1e1f865f78b030d65241c1ee850cdf422d869e9028e2fc1d5e4db73b92", size = 157797 }, + { url = "https://files.pythonhosted.org/packages/72/2a/aff5dd112b2f14bcc3462c312dce5445806bfc8ab3a7328555da95330e4b/charset_normalizer-3.4.3-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:d716a916938e03231e86e43782ca7878fb602a125a91e7acb8b5112e2e96ac16", size = 152224 }, + { url = "https://files.pythonhosted.org/packages/b7/8c/9839225320046ed279c6e839d51f028342eb77c91c89b8ef2549f951f3ec/charset_normalizer-3.4.3-cp314-cp314-win32.whl", hash = "sha256:c6dbd0ccdda3a2ba7c2ecd9d77b37f3b5831687d8dc1b6ca5f56a4880cc7b7ce", size = 100086 }, + { url = "https://files.pythonhosted.org/packages/ee/7a/36fbcf646e41f710ce0a563c1c9a343c6edf9be80786edeb15b6f62e17db/charset_normalizer-3.4.3-cp314-cp314-win_amd64.whl", hash = "sha256:73dc19b562516fc9bcf6e5d6e596df0b4eb98d87e4f79f3ae71840e6ed21361c", size = 107400 }, + { url = 
"https://files.pythonhosted.org/packages/8a/1f/f041989e93b001bc4e44bb1669ccdcf54d3f00e628229a85b08d330615c5/charset_normalizer-3.4.3-py3-none-any.whl", hash = "sha256:ce571ab16d890d23b5c278547ba694193a45011ff86a9162a71307ed9f86759a", size = 53175 }, +] + +[[package]] +name = "colorama" +version = "0.4.6" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/d8/53/6f443c9a4a8358a93a6792e2acffb9d9d5cb0a5cfd8802644b7b1c9a02e4/colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44", size = 27697 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", size = 25335 }, +] + +[[package]] +name = "distlib" +version = "0.4.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/96/8e/709914eb2b5749865801041647dc7f4e6d00b549cfe88b65ca192995f07c/distlib-0.4.0.tar.gz", hash = "sha256:feec40075be03a04501a973d81f633735b4b69f98b05450592310c0f401a4e0d", size = 614605 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/33/6b/e0547afaf41bf2c42e52430072fa5658766e3d65bd4b03a563d1b6336f57/distlib-0.4.0-py2.py3-none-any.whl", hash = "sha256:9659f7d87e46584a30b5780e43ac7a2143098441670ff0a49d5f9034c54a6c16", size = 469047 }, +] + +[[package]] +name = "filelock" +version = "3.19.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/40/bb/0ab3e58d22305b6f5440629d20683af28959bf793d98d11950e305c1c326/filelock-3.19.1.tar.gz", hash = "sha256:66eda1888b0171c998b35be2bcc0f6d75c388a7ce20c3f3f37aa8e96c2dddf58", size = 17687 } +wheels = [ + { url = 
"https://files.pythonhosted.org/packages/42/14/42b2651a2f46b022ccd948bca9f2d5af0fd8929c4eec235b8d6d844fbe67/filelock-3.19.1-py3-none-any.whl", hash = "sha256:d38e30481def20772f5baf097c122c3babc4fcdb7e14e57049eb9d88c6dc017d", size = 15988 }, +] + +[[package]] +name = "identify" +version = "2.6.14" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/52/c4/62963f25a678f6a050fb0505a65e9e726996171e6dbe1547f79619eefb15/identify-2.6.14.tar.gz", hash = "sha256:663494103b4f717cb26921c52f8751363dc89db64364cd836a9bf1535f53cd6a", size = 99283 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e5/ae/2ad30f4652712c82f1c23423d79136fbce338932ad166d70c1efb86a5998/identify-2.6.14-py2.py3-none-any.whl", hash = "sha256:11a073da82212c6646b1f39bb20d4483bfb9543bd5566fec60053c4bb309bf2e", size = 99172 }, +] + +[[package]] +name = "idna" +version = "3.10" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f1/70/7703c29685631f5a7590aa73f1f1d3fa9a380e654b86af429e0934a32f7d/idna-3.10.tar.gz", hash = "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9", size = 190490 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/76/c6/c88e154df9c4e1a2a66ccf0005a88dfb2650c1dffb6f5ce603dfbd452ce3/idna-3.10-py3-none-any.whl", hash = "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3", size = 70442 }, +] + +[[package]] +name = "iniconfig" +version = "2.1.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f2/97/ebf4da567aa6827c909642694d71c9fcf53e5b504f2d96afea02718862f3/iniconfig-2.1.0.tar.gz", hash = "sha256:3abbd2e30b36733fee78f9c7f7308f2d0050e88f0087fd25c2645f63c773e1c7", size = 4793 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/2c/e1/e6716421ea10d38022b952c159d5161ca1193197fb744506875fbb87ea7b/iniconfig-2.1.0-py3-none-any.whl", hash = 
"sha256:9deba5723312380e77435581c6bf4935c94cbfab9b1ed33ef8d238ea168eb760", size = 6050 }, +] + +[[package]] +name = "nodeenv" +version = "1.9.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/43/16/fc88b08840de0e0a72a2f9d8c6bae36be573e475a6326ae854bcc549fc45/nodeenv-1.9.1.tar.gz", hash = "sha256:6ec12890a2dab7946721edbfbcd91f3319c6ccc9aec47be7c7e6b7011ee6645f", size = 47437 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d2/1d/1b658dbd2b9fa9c4c9f32accbfc0205d532c8c6194dc0f2a4c0428e7128a/nodeenv-1.9.1-py2.py3-none-any.whl", hash = "sha256:ba11c9782d29c27c70ffbdda2d7415098754709be8a7056d79a737cd901155c9", size = 22314 }, +] + +[[package]] +name = "oss-doc-scripts" +version = "0.1.0" +source = { virtual = "." } +dependencies = [ + { name = "requests" }, +] + +[package.dev-dependencies] +dev = [ + { name = "pre-commit" }, + { name = "pyrefly" }, + { name = "pytest" }, + { name = "pytest-snapshot" }, + { name = "pytest-sugar" }, + { name = "ruff" }, + { name = "ty" }, +] + +[package.metadata] +requires-dist = [{ name = "requests", specifier = ">=2.32.5" }] + +[package.metadata.requires-dev] +dev = [ + { name = "pre-commit", specifier = ">=4.3.0" }, + { name = "pyrefly", specifier = ">=0.29.0" }, + { name = "pytest", specifier = ">=8.4.1" }, + { name = "pytest-snapshot", specifier = ">=0.9.0" }, + { name = "pytest-sugar", specifier = ">=1.0.0" }, + { name = "ruff", specifier = ">=0.12.7" }, + { name = "ty", specifier = ">=0.0.1a18" }, +] + +[[package]] +name = "packaging" +version = "25.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/a1/d4/1fc4078c65507b51b96ca8f8c3ba19e6a61c8253c72794544580a7b6c24d/packaging-25.0.tar.gz", hash = "sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f", size = 165727 } +wheels = [ + { url = 
"https://files.pythonhosted.org/packages/20/12/38679034af332785aac8774540895e234f4d07f7545804097de4b666afd8/packaging-25.0-py3-none-any.whl", hash = "sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484", size = 66469 }, +] + +[[package]] +name = "platformdirs" +version = "4.4.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/23/e8/21db9c9987b0e728855bd57bff6984f67952bea55d6f75e055c46b5383e8/platformdirs-4.4.0.tar.gz", hash = "sha256:ca753cf4d81dc309bc67b0ea38fd15dc97bc30ce419a7f58d13eb3bf14c4febf", size = 21634 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/40/4b/2028861e724d3bd36227adfa20d3fd24c3fc6d52032f4a93c133be5d17ce/platformdirs-4.4.0-py3-none-any.whl", hash = "sha256:abd01743f24e5287cd7a5db3752faf1a2d65353f38ec26d98e25a6db65958c85", size = 18654 }, +] + +[[package]] +name = "pluggy" +version = "1.6.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f9/e2/3e91f31a7d2b083fe6ef3fa267035b518369d9511ffab804f839851d2779/pluggy-1.6.0.tar.gz", hash = "sha256:7dcc130b76258d33b90f61b658791dede3486c3e6bfb003ee5c9bfb396dd22f3", size = 69412 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/54/20/4d324d65cc6d9205fabedc306948156824eb9f0ee1633355a8f7ec5c66bf/pluggy-1.6.0-py3-none-any.whl", hash = "sha256:e920276dd6813095e9377c0bc5566d94c932c33b27a3e3945d8389c374dd4746", size = 20538 }, +] + +[[package]] +name = "pre-commit" +version = "4.3.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "cfgv" }, + { name = "identify" }, + { name = "nodeenv" }, + { name = "pyyaml" }, + { name = "virtualenv" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/ff/29/7cf5bbc236333876e4b41f56e06857a87937ce4bf91e117a6991a2dbb02a/pre_commit-4.3.0.tar.gz", hash = "sha256:499fe450cc9d42e9d58e606262795ecb64dd05438943c62b66f6a8673da30b16", size = 193792 } +wheels = [ + { url = 
"https://files.pythonhosted.org/packages/5b/a5/987a405322d78a73b66e39e4a90e4ef156fd7141bf71df987e50717c321b/pre_commit-4.3.0-py2.py3-none-any.whl", hash = "sha256:2b0747ad7e6e967169136edffee14c16e148a778a54e4f967921aa1ebf2308d8", size = 220965 }, +] + +[[package]] +name = "pygments" +version = "2.19.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b0/77/a5b8c569bf593b0140bde72ea885a803b82086995367bf2037de0159d924/pygments-2.19.2.tar.gz", hash = "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887", size = 4968631 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/c7/21/705964c7812476f378728bdf590ca4b771ec72385c533964653c68e86bdc/pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b", size = 1225217 }, +] + +[[package]] +name = "pyrefly" +version = "0.35.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/91/e3/c6de578db34a64f0abc8266e89588a639725d8fae2b4b768e4901b1022a4/pyrefly-0.35.0.tar.gz", hash = "sha256:6df94964bed9a0bccfafdaea6bf69de687adb46bf851b30c28b33810ffa3d27c", size = 1646729 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/77/83/1be809682dc6a192589139b44ca2ef319d0384b7320729d29b08dd333a5e/pyrefly-0.35.0-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:a9a148cc41218a0072c952eb0e58709c779fad828a2174846f51015cc844906c", size = 6779993 }, + { url = "https://files.pythonhosted.org/packages/70/ae/9ab6a3aae57655627d93f0a8da520140ab996c025dfa910473b0c64543d7/pyrefly-0.35.0-py3-none-macosx_11_0_arm64.whl", hash = "sha256:af112fff00d79777e5f99f95917d3add1a793730f8e224529f15c9389877b9cd", size = 6319391 }, + { url = "https://files.pythonhosted.org/packages/65/77/b94cfb788a073d28345d58cd5e7ca04e796df8e5762acf74540b9f003ae1/pyrefly-0.35.0-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = 
"sha256:1494c8b143076f43b36d16ca31b6984391d32ba6834272677e0a96e8ce47e11e", size = 6561012 }, + { url = "https://files.pythonhosted.org/packages/fb/bc/17ccf1fd85d7ba8544214d3fc878bb38cefbf21b5a30e782c3bbe0c027fe/pyrefly-0.35.0-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:82affd662b0548a9988c30c7f87970bad0766be452c7f60059c22d852eaf2ec0", size = 7397813 }, + { url = "https://files.pythonhosted.org/packages/e3/7c/7d15dc569efe3100254152fcbd89f979a18ce835f1e5702bfcbac9bac22b/pyrefly-0.35.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c1644584dd584d7363b3286d0e4340f1aeebe93ddd4b519864fe27c3b28f1559", size = 7058559 }, + { url = "https://files.pythonhosted.org/packages/ba/a3/17d2d631989e9f47e3183b83bab355a567b49bdd07ebd0142f077e70d8ef/pyrefly-0.35.0-py3-none-win32.whl", hash = "sha256:c60c0e01fe6d254d2e26b5fe6071feebe13f483c2a9a98d4140fc969ae4225da", size = 6557421 }, + { url = "https://files.pythonhosted.org/packages/f4/e0/3f22a7ecacd0cd18e818f3a091798fe2c30628d207d99f4d9a7299067a4d/pyrefly-0.35.0-py3-none-win_amd64.whl", hash = "sha256:f397b9e981e5d3907c2b5cadd518337345ea4aa12a9801c14736703d041db0b6", size = 6994843 }, + { url = "https://files.pythonhosted.org/packages/1c/39/831b6545901919c893b6debd30654974900465df693dcf65710d3829617f/pyrefly-0.35.0-py3-none-win_arm64.whl", hash = "sha256:2a541cc1c75ee75fba1ffcd0ed297facc15994cf9958050b8f8a8f8f750c002b", size = 6583087 }, +] + +[[package]] +name = "pytest" +version = "8.4.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "colorama", marker = "sys_platform == 'win32'" }, + { name = "iniconfig" }, + { name = "packaging" }, + { name = "pluggy" }, + { name = "pygments" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/a3/5c/00a0e072241553e1a7496d638deababa67c5058571567b92a7eaa258397c/pytest-8.4.2.tar.gz", hash = "sha256:86c0d0b93306b961d58d62a4db4879f27fe25513d4b969df351abdddb3c30e01", size = 1519618 } +wheels = [ + { url = 
"https://files.pythonhosted.org/packages/a8/a4/20da314d277121d6534b3a980b29035dcd51e6744bd79075a6ce8fa4eb8d/pytest-8.4.2-py3-none-any.whl", hash = "sha256:872f880de3fc3a5bdc88a11b39c9710c3497a547cfa9320bc3c5e62fbf272e79", size = 365750 }, +] + +[[package]] +name = "pytest-snapshot" +version = "0.9.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pytest" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/9b/7b/ab8f1fc1e687218aa66acec1c3674d9c443f6a2dc8cb6a50f464548ffa34/pytest-snapshot-0.9.0.tar.gz", hash = "sha256:c7013c3abc3e860f9feff899f8b4debe3708650d8d8242a61bf2625ff64db7f3", size = 19877 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/cb/29/518f32faf6edad9f56d6e0107217f7de6b79f297a47170414a2bd4be7f01/pytest_snapshot-0.9.0-py3-none-any.whl", hash = "sha256:4b9fe1c21c868fe53a545e4e3184d36bc1c88946e3f5c1d9dd676962a9b3d4ab", size = 10715 }, +] + +[[package]] +name = "pytest-sugar" +version = "1.1.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pytest" }, + { name = "termcolor" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/0b/4e/60fed105549297ba1a700e1ea7b828044842ea27d72c898990510b79b0e2/pytest-sugar-1.1.1.tar.gz", hash = "sha256:73b8b65163ebf10f9f671efab9eed3d56f20d2ca68bda83fa64740a92c08f65d", size = 16533 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/87/d5/81d38a91c1fdafb6711f053f5a9b92ff788013b19821257c2c38c1e132df/pytest_sugar-1.1.1-py3-none-any.whl", hash = "sha256:2f8319b907548d5b9d03a171515c1d43d2e38e32bd8182a1781eb20b43344cc8", size = 11440 }, +] + +[[package]] +name = "pyyaml" +version = "6.0.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/05/8e/961c0007c59b8dd7729d542c61a4d537767a59645b82a0b521206e1e25c2/pyyaml-6.0.3.tar.gz", hash = "sha256:d76623373421df22fb4cf8817020cbb7ef15c725b9d5e45f17e189bfc384190f", size = 130960 } +wheels = [ + { url = 
"https://files.pythonhosted.org/packages/d1/33/422b98d2195232ca1826284a76852ad5a86fe23e31b009c9886b2d0fb8b2/pyyaml-6.0.3-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:7f047e29dcae44602496db43be01ad42fc6f1cc0d8cd6c83d342306c32270196", size = 182063 }, + { url = "https://files.pythonhosted.org/packages/89/a0/6cf41a19a1f2f3feab0e9c0b74134aa2ce6849093d5517a0c550fe37a648/pyyaml-6.0.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:fc09d0aa354569bc501d4e787133afc08552722d3ab34836a80547331bb5d4a0", size = 173973 }, + { url = "https://files.pythonhosted.org/packages/ed/23/7a778b6bd0b9a8039df8b1b1d80e2e2ad78aa04171592c8a5c43a56a6af4/pyyaml-6.0.3-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:9149cad251584d5fb4981be1ecde53a1ca46c891a79788c0df828d2f166bda28", size = 775116 }, + { url = "https://files.pythonhosted.org/packages/65/30/d7353c338e12baef4ecc1b09e877c1970bd3382789c159b4f89d6a70dc09/pyyaml-6.0.3-cp312-cp312-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:5fdec68f91a0c6739b380c83b951e2c72ac0197ace422360e6d5a959d8d97b2c", size = 844011 }, + { url = "https://files.pythonhosted.org/packages/8b/9d/b3589d3877982d4f2329302ef98a8026e7f4443c765c46cfecc8858c6b4b/pyyaml-6.0.3-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:ba1cc08a7ccde2d2ec775841541641e4548226580ab850948cbfda66a1befcdc", size = 807870 }, + { url = "https://files.pythonhosted.org/packages/05/c0/b3be26a015601b822b97d9149ff8cb5ead58c66f981e04fedf4e762f4bd4/pyyaml-6.0.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:8dc52c23056b9ddd46818a57b78404882310fb473d63f17b07d5c40421e47f8e", size = 761089 }, + { url = "https://files.pythonhosted.org/packages/be/8e/98435a21d1d4b46590d5459a22d88128103f8da4c2d4cb8f14f2a96504e1/pyyaml-6.0.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:41715c910c881bc081f1e8872880d3c650acf13dfa8214bad49ed4cede7c34ea", size = 790181 
}, + { url = "https://files.pythonhosted.org/packages/74/93/7baea19427dcfbe1e5a372d81473250b379f04b1bd3c4c5ff825e2327202/pyyaml-6.0.3-cp312-cp312-win32.whl", hash = "sha256:96b533f0e99f6579b3d4d4995707cf36df9100d67e0c8303a0c55b27b5f99bc5", size = 137658 }, + { url = "https://files.pythonhosted.org/packages/86/bf/899e81e4cce32febab4fb42bb97dcdf66bc135272882d1987881a4b519e9/pyyaml-6.0.3-cp312-cp312-win_amd64.whl", hash = "sha256:5fcd34e47f6e0b794d17de1b4ff496c00986e1c83f7ab2fb8fcfe9616ff7477b", size = 154003 }, + { url = "https://files.pythonhosted.org/packages/1a/08/67bd04656199bbb51dbed1439b7f27601dfb576fb864099c7ef0c3e55531/pyyaml-6.0.3-cp312-cp312-win_arm64.whl", hash = "sha256:64386e5e707d03a7e172c0701abfb7e10f0fb753ee1d773128192742712a98fd", size = 140344 }, + { url = "https://files.pythonhosted.org/packages/d1/11/0fd08f8192109f7169db964b5707a2f1e8b745d4e239b784a5a1dd80d1db/pyyaml-6.0.3-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:8da9669d359f02c0b91ccc01cac4a67f16afec0dac22c2ad09f46bee0697eba8", size = 181669 }, + { url = "https://files.pythonhosted.org/packages/b1/16/95309993f1d3748cd644e02e38b75d50cbc0d9561d21f390a76242ce073f/pyyaml-6.0.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:2283a07e2c21a2aa78d9c4442724ec1eb15f5e42a723b99cb3d822d48f5f7ad1", size = 173252 }, + { url = "https://files.pythonhosted.org/packages/50/31/b20f376d3f810b9b2371e72ef5adb33879b25edb7a6d072cb7ca0c486398/pyyaml-6.0.3-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee2922902c45ae8ccada2c5b501ab86c36525b883eff4255313a253a3160861c", size = 767081 }, + { url = "https://files.pythonhosted.org/packages/49/1e/a55ca81e949270d5d4432fbbd19dfea5321eda7c41a849d443dc92fd1ff7/pyyaml-6.0.3-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:a33284e20b78bd4a18c8c2282d549d10bc8408a2a7ff57653c0cf0b9be0afce5", size = 841159 }, + { url = 
"https://files.pythonhosted.org/packages/74/27/e5b8f34d02d9995b80abcef563ea1f8b56d20134d8f4e5e81733b1feceb2/pyyaml-6.0.3-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0f29edc409a6392443abf94b9cf89ce99889a1dd5376d94316ae5145dfedd5d6", size = 801626 }, + { url = "https://files.pythonhosted.org/packages/f9/11/ba845c23988798f40e52ba45f34849aa8a1f2d4af4b798588010792ebad6/pyyaml-6.0.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:f7057c9a337546edc7973c0d3ba84ddcdf0daa14533c2065749c9075001090e6", size = 753613 }, + { url = "https://files.pythonhosted.org/packages/3d/e0/7966e1a7bfc0a45bf0a7fb6b98ea03fc9b8d84fa7f2229e9659680b69ee3/pyyaml-6.0.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:eda16858a3cab07b80edaf74336ece1f986ba330fdb8ee0d6c0d68fe82bc96be", size = 794115 }, + { url = "https://files.pythonhosted.org/packages/de/94/980b50a6531b3019e45ddeada0626d45fa85cbe22300844a7983285bed3b/pyyaml-6.0.3-cp313-cp313-win32.whl", hash = "sha256:d0eae10f8159e8fdad514efdc92d74fd8d682c933a6dd088030f3834bc8e6b26", size = 137427 }, + { url = "https://files.pythonhosted.org/packages/97/c9/39d5b874e8b28845e4ec2202b5da735d0199dbe5b8fb85f91398814a9a46/pyyaml-6.0.3-cp313-cp313-win_amd64.whl", hash = "sha256:79005a0d97d5ddabfeeea4cf676af11e647e41d81c9a7722a193022accdb6b7c", size = 154090 }, + { url = "https://files.pythonhosted.org/packages/73/e8/2bdf3ca2090f68bb3d75b44da7bbc71843b19c9f2b9cb9b0f4ab7a5a4329/pyyaml-6.0.3-cp313-cp313-win_arm64.whl", hash = "sha256:5498cd1645aa724a7c71c8f378eb29ebe23da2fc0d7a08071d89469bf1d2defb", size = 140246 }, + { url = "https://files.pythonhosted.org/packages/9d/8c/f4bd7f6465179953d3ac9bc44ac1a8a3e6122cf8ada906b4f96c60172d43/pyyaml-6.0.3-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:8d1fab6bb153a416f9aeb4b8763bc0f22a5586065f86f7664fc23339fc1c1fac", size = 181814 }, + { url = 
"https://files.pythonhosted.org/packages/bd/9c/4d95bb87eb2063d20db7b60faa3840c1b18025517ae857371c4dd55a6b3a/pyyaml-6.0.3-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:34d5fcd24b8445fadc33f9cf348c1047101756fd760b4dacb5c3e99755703310", size = 173809 }, + { url = "https://files.pythonhosted.org/packages/92/b5/47e807c2623074914e29dabd16cbbdd4bf5e9b2db9f8090fa64411fc5382/pyyaml-6.0.3-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:501a031947e3a9025ed4405a168e6ef5ae3126c59f90ce0cd6f2bfc477be31b7", size = 766454 }, + { url = "https://files.pythonhosted.org/packages/02/9e/e5e9b168be58564121efb3de6859c452fccde0ab093d8438905899a3a483/pyyaml-6.0.3-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:b3bc83488de33889877a0f2543ade9f70c67d66d9ebb4ac959502e12de895788", size = 836355 }, + { url = "https://files.pythonhosted.org/packages/88/f9/16491d7ed2a919954993e48aa941b200f38040928474c9e85ea9e64222c3/pyyaml-6.0.3-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c458b6d084f9b935061bc36216e8a69a7e293a2f1e68bf956dcd9e6cbcd143f5", size = 794175 }, + { url = "https://files.pythonhosted.org/packages/dd/3f/5989debef34dc6397317802b527dbbafb2b4760878a53d4166579111411e/pyyaml-6.0.3-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:7c6610def4f163542a622a73fb39f534f8c101d690126992300bf3207eab9764", size = 755228 }, + { url = "https://files.pythonhosted.org/packages/d7/ce/af88a49043cd2e265be63d083fc75b27b6ed062f5f9fd6cdc223ad62f03e/pyyaml-6.0.3-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:5190d403f121660ce8d1d2c1bb2ef1bd05b5f68533fc5c2ea899bd15f4399b35", size = 789194 }, + { url = "https://files.pythonhosted.org/packages/23/20/bb6982b26a40bb43951265ba29d4c246ef0ff59c9fdcdf0ed04e0687de4d/pyyaml-6.0.3-cp314-cp314-win_amd64.whl", hash = "sha256:4a2e8cebe2ff6ab7d1050ecd59c25d4c8bd7e6f400f5f82b96557ac0abafd0ac", size = 156429 }, + { url 
= "https://files.pythonhosted.org/packages/f4/f4/a4541072bb9422c8a883ab55255f918fa378ecf083f5b85e87fc2b4eda1b/pyyaml-6.0.3-cp314-cp314-win_arm64.whl", hash = "sha256:93dda82c9c22deb0a405ea4dc5f2d0cda384168e466364dec6255b293923b2f3", size = 143912 }, + { url = "https://files.pythonhosted.org/packages/7c/f9/07dd09ae774e4616edf6cda684ee78f97777bdd15847253637a6f052a62f/pyyaml-6.0.3-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:02893d100e99e03eda1c8fd5c441d8c60103fd175728e23e431db1b589cf5ab3", size = 189108 }, + { url = "https://files.pythonhosted.org/packages/4e/78/8d08c9fb7ce09ad8c38ad533c1191cf27f7ae1effe5bb9400a46d9437fcf/pyyaml-6.0.3-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:c1ff362665ae507275af2853520967820d9124984e0f7466736aea23d8611fba", size = 183641 }, + { url = "https://files.pythonhosted.org/packages/7b/5b/3babb19104a46945cf816d047db2788bcaf8c94527a805610b0289a01c6b/pyyaml-6.0.3-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:6adc77889b628398debc7b65c073bcb99c4a0237b248cacaf3fe8a557563ef6c", size = 831901 }, + { url = "https://files.pythonhosted.org/packages/8b/cc/dff0684d8dc44da4d22a13f35f073d558c268780ce3c6ba1b87055bb0b87/pyyaml-6.0.3-cp314-cp314t-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:a80cb027f6b349846a3bf6d73b5e95e782175e52f22108cfa17876aaeff93702", size = 861132 }, + { url = "https://files.pythonhosted.org/packages/b1/5e/f77dc6b9036943e285ba76b49e118d9ea929885becb0a29ba8a7c75e29fe/pyyaml-6.0.3-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:00c4bdeba853cc34e7dd471f16b4114f4162dc03e6b7afcc2128711f0eca823c", size = 839261 }, + { url = "https://files.pythonhosted.org/packages/ce/88/a9db1376aa2a228197c58b37302f284b5617f56a5d959fd1763fb1675ce6/pyyaml-6.0.3-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:66e1674c3ef6f541c35191caae2d429b967b99e02040f5ba928632d9a7f0f065", size = 805272 }, 
+ { url = "https://files.pythonhosted.org/packages/da/92/1446574745d74df0c92e6aa4a7b0b3130706a4142b2d1a5869f2eaa423c6/pyyaml-6.0.3-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:16249ee61e95f858e83976573de0f5b2893b3677ba71c9dd36b9cf8be9ac6d65", size = 829923 }, + { url = "https://files.pythonhosted.org/packages/f0/7a/1c7270340330e575b92f397352af856a8c06f230aa3e76f86b39d01b416a/pyyaml-6.0.3-cp314-cp314t-win_amd64.whl", hash = "sha256:4ad1906908f2f5ae4e5a8ddfce73c320c2a1429ec52eafd27138b7f1cbe341c9", size = 174062 }, + { url = "https://files.pythonhosted.org/packages/f1/12/de94a39c2ef588c7e6455cfbe7343d3b2dc9d6b6b2f40c4c6565744c873d/pyyaml-6.0.3-cp314-cp314t-win_arm64.whl", hash = "sha256:ebc55a14a21cb14062aa4162f906cd962b28e2e9ea38f9b4391244cd8de4ae0b", size = 149341 }, +] + +[[package]] +name = "requests" +version = "2.32.5" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "certifi" }, + { name = "charset-normalizer" }, + { name = "idna" }, + { name = "urllib3" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738 }, +] + +[[package]] +name = "ruff" +version = "0.13.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/02/df/8d7d8c515d33adfc540e2edf6c6021ea1c5a58a678d8cfce9fae59aabcab/ruff-0.13.2.tar.gz", hash = "sha256:cb12fffd32fb16d32cef4ed16d8c7cdc27ed7c944eaa98d99d01ab7ab0b710ff", size = 5416417 } +wheels = [ + { url = 
"https://files.pythonhosted.org/packages/6e/84/5716a7fa4758e41bf70e603e13637c42cfb9dbf7ceb07180211b9bbf75ef/ruff-0.13.2-py3-none-linux_armv6l.whl", hash = "sha256:3796345842b55f033a78285e4f1641078f902020d8450cade03aad01bffd81c3", size = 12343254 }, + { url = "https://files.pythonhosted.org/packages/9b/77/c7042582401bb9ac8eff25360e9335e901d7a1c0749a2b28ba4ecb239991/ruff-0.13.2-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:ff7e4dda12e683e9709ac89e2dd436abf31a4d8a8fc3d89656231ed808e231d2", size = 13040891 }, + { url = "https://files.pythonhosted.org/packages/c6/15/125a7f76eb295cb34d19c6778e3a82ace33730ad4e6f28d3427e134a02e0/ruff-0.13.2-py3-none-macosx_11_0_arm64.whl", hash = "sha256:c75e9d2a2fafd1fdd895d0e7e24b44355984affdde1c412a6f6d3f6e16b22d46", size = 12243588 }, + { url = "https://files.pythonhosted.org/packages/9e/eb/0093ae04a70f81f8be7fd7ed6456e926b65d238fc122311293d033fdf91e/ruff-0.13.2-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cceac74e7bbc53ed7d15d1042ffe7b6577bf294611ad90393bf9b2a0f0ec7cb6", size = 12491359 }, + { url = "https://files.pythonhosted.org/packages/43/fe/72b525948a6956f07dad4a6f122336b6a05f2e3fd27471cea612349fedb9/ruff-0.13.2-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:6ae3f469b5465ba6d9721383ae9d49310c19b452a161b57507764d7ef15f4b07", size = 12162486 }, + { url = "https://files.pythonhosted.org/packages/6a/e3/0fac422bbbfb2ea838023e0d9fcf1f30183d83ab2482800e2cb892d02dfe/ruff-0.13.2-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4f8f9e3cd6714358238cd6626b9d43026ed19c0c018376ac1ef3c3a04ffb42d8", size = 13871203 }, + { url = "https://files.pythonhosted.org/packages/6b/82/b721c8e3ec5df6d83ba0e45dcf00892c4f98b325256c42c38ef136496cbf/ruff-0.13.2-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:c6ed79584a8f6cbe2e5d7dbacf7cc1ee29cbdb5df1172e77fbdadc8bb85a1f89", size = 14929635 }, + { url = 
"https://files.pythonhosted.org/packages/c4/a0/ad56faf6daa507b83079a1ad7a11694b87d61e6bf01c66bd82b466f21821/ruff-0.13.2-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:aed130b2fde049cea2019f55deb939103123cdd191105f97a0599a3e753d61b0", size = 14338783 }, + { url = "https://files.pythonhosted.org/packages/47/77/ad1d9156db8f99cd01ee7e29d74b34050e8075a8438e589121fcd25c4b08/ruff-0.13.2-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1887c230c2c9d65ed1b4e4cfe4d255577ea28b718ae226c348ae68df958191aa", size = 13355322 }, + { url = "https://files.pythonhosted.org/packages/64/8b/e87cfca2be6f8b9f41f0bb12dc48c6455e2d66df46fe61bb441a226f1089/ruff-0.13.2-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5bcb10276b69b3cfea3a102ca119ffe5c6ba3901e20e60cf9efb53fa417633c3", size = 13354427 }, + { url = "https://files.pythonhosted.org/packages/7f/df/bf382f3fbead082a575edb860897287f42b1b3c694bafa16bc9904c11ed3/ruff-0.13.2-py3-none-manylinux_2_31_riscv64.whl", hash = "sha256:afa721017aa55a555b2ff7944816587f1cb813c2c0a882d158f59b832da1660d", size = 13537637 }, + { url = "https://files.pythonhosted.org/packages/51/70/1fb7a7c8a6fc8bd15636288a46e209e81913b87988f26e1913d0851e54f4/ruff-0.13.2-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:1dbc875cf3720c64b3990fef8939334e74cb0ca65b8dbc61d1f439201a38101b", size = 12340025 }, + { url = "https://files.pythonhosted.org/packages/4c/27/1e5b3f1c23ca5dd4106d9d580e5c13d9acb70288bff614b3d7b638378cc9/ruff-0.13.2-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:5b939a1b2a960e9742e9a347e5bbc9b3c3d2c716f86c6ae273d9cbd64f193f22", size = 12133449 }, + { url = "https://files.pythonhosted.org/packages/2d/09/b92a5ccee289f11ab128df57d5911224197d8d55ef3bd2043534ff72ca54/ruff-0.13.2-py3-none-musllinux_1_2_i686.whl", hash = "sha256:50e2d52acb8de3804fc5f6e2fa3ae9bdc6812410a9e46837e673ad1f90a18736", size = 13051369 }, + { url = 
"https://files.pythonhosted.org/packages/89/99/26c9d1c7d8150f45e346dc045cc49f23e961efceb4a70c47dea0960dea9a/ruff-0.13.2-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:3196bc13ab2110c176b9a4ae5ff7ab676faaa1964b330a1383ba20e1e19645f2", size = 13523644 }, + { url = "https://files.pythonhosted.org/packages/f7/00/e7f1501e81e8ec290e79527827af1d88f541d8d26151751b46108978dade/ruff-0.13.2-py3-none-win32.whl", hash = "sha256:7c2a0b7c1e87795fec3404a485096bcd790216c7c146a922d121d8b9c8f1aaac", size = 12245990 }, + { url = "https://files.pythonhosted.org/packages/ee/bd/d9f33a73de84fafd0146c6fba4f497c4565fe8fa8b46874b8e438869abc2/ruff-0.13.2-py3-none-win_amd64.whl", hash = "sha256:17d95fb32218357c89355f6f6f9a804133e404fc1f65694372e02a557edf8585", size = 13324004 }, + { url = "https://files.pythonhosted.org/packages/c3/12/28fa2f597a605884deb0f65c1b1ae05111051b2a7030f5d8a4ff7f4599ba/ruff-0.13.2-py3-none-win_arm64.whl", hash = "sha256:da711b14c530412c827219312b7d7fbb4877fb31150083add7e8c5336549cea7", size = 12484437 }, +] + +[[package]] +name = "termcolor" +version = "3.1.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/ca/6c/3d75c196ac07ac8749600b60b03f4f6094d54e132c4d94ebac6ee0e0add0/termcolor-3.1.0.tar.gz", hash = "sha256:6a6dd7fbee581909eeec6a756cff1d7f7c376063b14e4a298dc4980309e55970", size = 14324 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/4f/bd/de8d508070629b6d84a30d01d57e4a65c69aa7f5abe7560b8fad3b50ea59/termcolor-3.1.0-py3-none-any.whl", hash = "sha256:591dd26b5c2ce03b9e43f391264626557873ce1d379019786f99b0c2bee140aa", size = 7684 }, +] + +[[package]] +name = "ty" +version = "0.0.1a21" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b7/0f/65606ccee2da5a05a3c3362f5233f058e9d29d3c5521697c7ae79545d246/ty-0.0.1a21.tar.gz", hash = "sha256:e941e9a9d1e54b03eeaf9c3197c26a19cf76009fd5e41e16e5657c1c827bd6d3", size = 4263980 } +wheels = [ 
+ { url = "https://files.pythonhosted.org/packages/d3/7a/c87a42d0a45cfa2d5c06c8d66aa1b243db16dc31b25e545fb0263308523b/ty-0.0.1a21-py3-none-linux_armv6l.whl", hash = "sha256:1f276ceab23a1410aec09508248c76ae0989c67fb7a0c287e0d4564994295531", size = 8421116 }, + { url = "https://files.pythonhosted.org/packages/99/c2/721bf4fa21c84d4cdae0e57a06a88e7e64fc2dca38820232bd6cbeef644f/ty-0.0.1a21-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:3c3bc66fcae41eff133cfe326dd65d82567a2fb5d4efe2128773b10ec2766819", size = 8512556 }, + { url = "https://files.pythonhosted.org/packages/6c/58/b0585d9d61673e864a87e95760dfa2a90ac15702e7612ab064d354f6752a/ty-0.0.1a21-py3-none-macosx_11_0_arm64.whl", hash = "sha256:cc0880ec344fbdf736b05d8d0da01f0caaaa02409bd9a24b68d18d0127a79b0e", size = 8109188 }, + { url = "https://files.pythonhosted.org/packages/ea/08/edf7b59ba24bb1a1af341207fc5a0106eb1fe4264c1d7fb672c171dd2daf/ty-0.0.1a21-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:334d2a212ebf42a0e55d57561926af7679fe1e878175e11dcb81ad8df892844e", size = 8279000 }, + { url = "https://files.pythonhosted.org/packages/05/8e/4b5e562623e0aa24a3972510287b4bc5d98251afb353388d14008ea99954/ty-0.0.1a21-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a8c769987d00fbc33054ff7e342633f475ea10dc43bc60fb9fb056159d48cb90", size = 8243261 }, + { url = "https://files.pythonhosted.org/packages/c3/09/6476fa21f9962d5b9c8e8053fd0442ed8e3ceb7502e39700ab1935555199/ty-0.0.1a21-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:218d53e7919e885bd98e9196d9cb952d82178b299aa36da6f7f39333eb7400ed", size = 9150228 }, + { url = "https://files.pythonhosted.org/packages/d2/96/49c158b6255fc1e22a5701c38f7d4c1b7f8be17a476ce9226fcae82a7b36/ty-0.0.1a21-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:84243455f295ed850bd53f7089819321807d4e6ee3b1cbff6086137ae0259466", size = 9628323 }, + { url = 
"https://files.pythonhosted.org/packages/f4/65/37a8a5cb7b3254365c54b5e10f069e311c4252ed160b86fabd1203fbca5c/ty-0.0.1a21-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:87a200c21e02962e8a27374d9d152582331d57d709672431be58f4f898bf6cad", size = 9251233 }, + { url = "https://files.pythonhosted.org/packages/a3/30/5b06120747da4a0f0bc54a4b051b42172603033dbee0bcf51bce7c21ada9/ty-0.0.1a21-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:be8f457d7841b7ead2a3f6b65ba668abc172a1150a0f1f6c0958af3725dbb61a", size = 8996186 }, + { url = "https://files.pythonhosted.org/packages/af/fc/5aa122536b1acb57389f404f6328c20342242b78513a60459fee9b7d6f27/ty-0.0.1a21-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1474d883129bb63da3b2380fc7ead824cd3baf6a9551e6aa476ffefc58057af3", size = 8722848 }, + { url = "https://files.pythonhosted.org/packages/3a/c1/456dcc65a149df8410b1d75f0197a31d4beef74b7bb44cce42b03bf074e8/ty-0.0.1a21-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:0efba2e52b58f536f4198ba5c4a36cac2ba67d83ec6f429ebc7704233bcda4c3", size = 8220727 }, + { url = "https://files.pythonhosted.org/packages/a4/86/b37505d942cd68235be5be407e43e15afa36669aaa2db9b6e5b43c1d9f91/ty-0.0.1a21-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:5dfc73299d441cc6454e36ed0a976877415024143dfca6592dc36f7701424383", size = 8279114 }, + { url = "https://files.pythonhosted.org/packages/55/fe/0d9816f36d258e6b2a3d7518421be17c68954ea9a66b638de49588cc2e27/ty-0.0.1a21-py3-none-musllinux_1_2_i686.whl", hash = "sha256:ba13d03b9e095216ceb4e4d554a308517f28ab0a6e4dcd07cfe94563e4c2c489", size = 8701798 }, + { url = "https://files.pythonhosted.org/packages/4e/7a/70539932e3e5a36c54bd5432ff44ed0c301c41a528365d8de5b8f79f4317/ty-0.0.1a21-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:9463cac96b8f1bb5ba740fe1d42cd6bd152b43c5b159b2f07f8fd629bcdded34", size = 8872676 }, + { url = 
"https://files.pythonhosted.org/packages/ea/94/809d85f6982841fe28526ace3b282b0458d0a96bbc6b1a982d9269a5e481/ty-0.0.1a21-py3-none-win32.whl", hash = "sha256:ecf41706b803827b0de8717f32a434dad1e67be9f4b8caf403e12013179ea06a", size = 8003866 }, + { url = "https://files.pythonhosted.org/packages/50/16/b3e914cec2a6344d2c30d3780ca6ecd39667173611f8776cecfd1294eab9/ty-0.0.1a21-py3-none-win_amd64.whl", hash = "sha256:7505aeb8bf2a62f00f12cfa496f6c965074d75c8126268776565284c8a12d5dd", size = 8675300 }, + { url = "https://files.pythonhosted.org/packages/16/0b/293be6bc19f6da5e9b15e615a7100504f307dd4294d2c61cee3de91198e5/ty-0.0.1a21-py3-none-win_arm64.whl", hash = "sha256:21f708d02b6588323ffdbfdba38830dd0ecfd626db50aa6006b296b5470e52f9", size = 8193800 }, +] + +[[package]] +name = "urllib3" +version = "2.5.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/15/22/9ee70a2574a4f4599c47dd506532914ce044817c7752a79b6a51286319bc/urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760", size = 393185 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/a7/c2/fe1e52489ae3122415c51f387e221dd0773709bad6c6cdaa599e8a2c5185/urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc", size = 129795 }, +] + +[[package]] +name = "virtualenv" +version = "20.34.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "distlib" }, + { name = "filelock" }, + { name = "platformdirs" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/1c/14/37fcdba2808a6c615681cd216fecae00413c9dab44fb2e57805ecf3eaee3/virtualenv-20.34.0.tar.gz", hash = "sha256:44815b2c9dee7ed86e387b842a84f20b93f7f417f95886ca1996a72a4138eb1a", size = 6003808 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/76/06/04c8e804f813cf972e3262f3f8584c232de64f0cde9f703b46cf53a45090/virtualenv-20.34.0-py3-none-any.whl", hash 
= "sha256:341f5afa7eee943e4984a9207c025feedd768baff6753cd660c857ceb3e36026", size = 5983279 }, +]